
Traceroute on Sophos XG

Hi.

How is it possible to activate traceroute in Sophos XG? In the last models there is a section to activate or deactivate this option, but in the XG I don't see any check for this purpose.

My hosts are reachable by ping, but when I launch traceroute the last hop is always the Sophos and I do not see any hop after the firewall.

 



  • Hi, thanks for the reply.

    I created one rule permitting Info_Address, Info_Request, Ping and ICMP, but ping works correctly and traceroute does not. I tried from Linux and macOS computers, but the result is the same.

    I have a feeling that it is a problem with the BGP process when the networks are published from Sophos but are not directly connected.

    I have to run new tests. 

     

  • Hi folks,

    the answer appears to be traceroute -I sophos.com on Macs.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Ian,

    can you try from a Linux box?

    Thanks

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • Hi Luk,

    so no Linux boxes these days other than the Sophos firewall devices,

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Try adding the following from internal to external

     

    Name TraceRoute
    Type TCP/UDP
    Details UDP (1:65535) / (33434:33534)

    Tim Grantham

    Enterprise Architect & Business owner

  • Just tried and traceroute does not work.

    The only way to allow traceroute is the -I option.

    Thanks Ian.

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • Have you tried creating the firewall rule to allow the UDP ports to egress?

     

    TraceRoute works for me once this has been done.

     

    Tim Grantham

    Enterprise Architect & Business owner
