ScreenOS Firewalls (NOT SRX)
Reply
Contributor
FallinlovewithJuniper
Posts: 35
Registered: ‎06-25-2008
0

trace result

Hi

I am tracing the trusted hosts from one zone of my firewall to another zone on the same firewall. Ping result is OK but when I am using trace commands, it shows like the result below, showing some request time outs but finally reacing the host.

 


  1     1 ms     1 ms     1 ms  10.3.12.249
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     6 ms     3 ms     3 ms  172.18.77.16

Trace complete.

 

Thanks 

Regards,

Awan
Distinguished Expert
Raheel
Posts: 414
Registered: ‎06-18-2008
0

Re: trace result

[ Edited ]

This is normal behavior.


When executing traceroute, the '*' (asterisk) sign appears at hop 14 of the traceroute output. This means that the traceroute attempt has timed out. If this
command is repeated to the target system several times at different times of the day and still receive the same output with the '*', then it probably means that a firewall has been installed on the target system. This is also easily verified when surfing to http://www.nasdaq.com The asterisk sign being displayed in the output of the traceroute command indicates that a firewall is installed between the source system and the destination system and is filtering out traceroute attempts. As a result, the target system does not reply to the traceroute a request which causes the probe packet to time due to the firewall.

 

also check

 

http://kb.juniper.net/KB5020

 

thanks

Raheel  

Message Edited by Raheel on 07-09-2008 05:32 AM
Follow me on Twitter @anwar_raheel

--
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Contributor
FallinlovewithJuniper
Posts: 35
Registered: ‎06-25-2008
0

Re: trace result

Hi Raheel

there is no firewall on target system, it works well earlier but when we have replaced from NS500 with OS version 5.1.0r4 to ISG2000 with OS version 5.0.0r9.2. After replacing the firewall from NS500 to ISG2000, i am facing this problem.

 

Hope the problem is now clear to you. Anyone has the solution of problem?

Regards,

Awan
Distinguished Expert
Raheel
Posts: 414
Registered: ‎06-18-2008
0

Re: trace result

Hi Awan,

 

sorry for misunderstanding, can you please use latest OS on ISG2000? 


please post your result.

 

thanks

Raheel Anwar

 

Follow me on Twitter @anwar_raheel

--
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.