Zone protection - Show hops between source & dst.

Reply
Highlighted
L1 Bithead

Zone protection - Show hops between source & dst.

Hello,

 

I want to see the hops between the source and destination when I do tracert from my PC to an IP.

The tracert is shown as completed.

 

 

2019-05-16 16_31_47-C__Windows_system32_cmd.exe.png

 

I followed the following kb but didn't work: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfsCAC

 

I disable Zone protection from the Zone initiating the conection(Trust) a few minutes but only shows the Firewall's IP. Then I enable again Zone protection and I didn´t see any hops, just the trace complete.

 

I was wondering if this is out of the reach of PALO ALTO & must be because of my ISP.

-Note: Using a different ISP I am able to see the hops between the source & destination.

L7 Applicator

Re: Zone protection - Show hops between source & dst.

@upatino,

So the real question on this would be if you are seeing the packets getting dropped in the global counters as described in the KB, that would tell you if Zone Protection is at play. If you are seeing the firewall's interface IP however and then not seeing anything further it's likely your ISP is the issue; if the same exact setup is working when routing through a secondary ISP connection then it's 100% an ISP issue and not the firewall. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!