07-08-2008 10:33 PM
I am tracing the trusted hosts from one zone of my firewall to another zone on the same firewall. Ping result is OK but when I am using trace commands, it shows like the result below, showing some request time outs but finally reacing the host.
1 1 ms 1 ms 1 ms 10.3.12.249
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 6 ms 3 ms 3 ms 172.18.77.16
07-09-2008 05:28 AM - edited 07-09-2008 05:32 AM
This is normal behavior.
When executing traceroute, the '*' (asterisk) sign appears at hop 14 of the traceroute output. This means that the traceroute attempt has timed out. If this
command is repeated to the target system several times at different times of the day and still receive the same output with the '*', then it probably means that a firewall has been installed on the target system. This is also easily verified when surfing to http://www.nasdaq.com The asterisk sign being displayed in the output of the traceroute command indicates that a firewall is installed between the source system and the destination system and is filtering out traceroute attempts. As a result, the target system does not reply to the traceroute a request which causes the probe packet to time due to the firewall.
07-15-2008 10:57 AM
there is no firewall on target system, it works well earlier but when we have replaced from NS500 with OS version 5.1.0r4 to ISG2000 with OS version 5.0.0r9.2. After replacing the firewall from NS500 to ISG2000, i am facing this problem.
Hope the problem is now clear to you. Anyone has the solution of problem?
09-07-2008 04:53 PM
sorry for misunderstanding, can you please use latest OS on ISG2000?
please post your result.