FortiGate drops traceroute UDP
Hi,
Based on this KB: https://community.fortinet.com/t5/FortiGate/Technical-Note-ICMP-and-UDP-traceroute-functionality-wit....
I know that UDP-based traceroute will be dropped by FortiGate if I try to traceroute to the FortiGate's IP address (e.g. the management IP).
But for an endpoint behind the FortiGate, does FortiGate also drop this UDP-based traceroute even if I have allowed any in the firewall policy?
Thank you
FortiGate is expected to take action based on the firewall policy; if you have allowed it, ideally it is expected to work fine.
Suraj
Hi,
I see. I think I need to do a debug flow to see why the traceroute packet is not sent to the endpoint.
Yes, flow debug will give us a better idea. Can you make sure the endpoint IP is not configured on the FortiGate as any VIP?
Suraj
Yes, the endpoint is not configured as any VIP.
The endpoint gateway is on the FortiGate.
