How is it possible to activate traceroute in Sophos XG? In the last models there is a part to activate or deactivate this option, but in the XG I don't see any check for this purpose.
My hosts are reachable by ping, but when I launch traceroute the last hop is always the Sophos and I do not see any hop after the firewall.
Hi, thanks for the reply.
I created one rule permitting Info_Address, Info_Request, Ping and ICMP, but ping works correctly and traceroute does not. I tried from Linux and macOS computers but the result is the same.
I have a feeling that it is a problem with a BGP process when the networks are published from Sophos but are not directly connected.
I have to run new tests.
Then the answer appears to be traceroute -I sophos.com on Macs.
Can you try from a Linux box?
UTM Certified Architect - XG Certified Architect
So no Linux boxes these days other than the Sophos firewall devices,
Try adding the following from internal to external
Enterprise Architect & Business owner
Just tried and traceroute does not work.
The only way to allow traceroute is the -I option.
Have you tried creating the firewall rule to allow the UDP ports to egress?
TraceRoute works for me once this has been done.
Yes, I did it.
In my case it does not work.
I am comfortable with the -I option.