11-01-2016 01:11 PM
Hello Experts
I want to check which route is matching for some host IP like 10.155.7.33, so I can check the outgoing interface and destination zone for policy lookup. When I run the command “show routing route destination 10.155.7.33/32”, it shows nothing, although I have a matching route 10.115.7.0/24 in the routing table.
Kindly help!
11-01-2016 03:08 PM
Use traceroute command
11-01-2016 11:48 PM
Thanks. Unfortunately, traceroute is not allowed on the firewall. For outgoing self traffic of the firewall, like ping/traceroute, do I need an intra-zone policy to allow source address: self IP of firewall, destination: any?
But surprisingly, the show routing route command does not show the matching route. Strange! Or I am missing something.
I appreciate your reply.
11-02-2016 02:14 AM
Hi,
Intra-zone traffic is permitted by default on the FW. Self-traffic is not scanned by security policies, so if it is destined to the FW or initiated by FW.
Cheers
11-02-2016 04:16 AM
Hello
In our FW, intra-zone policies are blocked, so in this case do I need to create explicit rules for traffic destined to the FW or initiated by the FW?
I appreciate your reply.
11-08-2016 02:00 PM
The "show" command would only find something if you had a route exactly for 10.155.7.33/32.
However, what you want to use is the "test" command:
test routing fib-lookup virtual-router default ip <destination-ip>
Output will show which route matches this destination IP address.
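The difference between an exact-prefix filter and a longest-prefix (FIB) lookup described in the answer above, as an added example that is not part of the original thread and is not PAN-OS code. The routing table, interface names and zone names are constructed for illustration; the lookup result is what decides the egress interface and therefore the destination zone used for policy lookup.

```python
import ipaddress

# Constructed sample routing table: (prefix, next hop, egress interface).
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "ethernet1/1"),
    ("10.155.0.0/16", "10.0.0.2", "ethernet1/2"),
    ("10.155.7.0/24", "10.0.0.6", "ethernet1/3"),
]
# Constructed interface-to-zone mapping (assumption, not from the thread).
ZONES = {"ethernet1/1": "untrust", "ethernet1/2": "trust", "ethernet1/3": "dmz"}


def exact_match(destination):
    """Exact-prefix filter: returns only routes whose prefix equals the input."""
    wanted = ipaddress.ip_network(destination, strict=False)
    return [r for r in ROUTES if ipaddress.ip_network(r[0]) == wanted]


def fib_lookup(ip):
    """Longest-prefix match: the most specific route that contains the address."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in ROUTES if addr in ipaddress.ip_network(r[0])]
    if not candidates:
        return None  # no route at all, not even a default
    prefix, next_hop, interface = max(
        candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen
    )
    return {
        "route": prefix,
        "next_hop": next_hop,
        "interface": interface,
        "zone": ZONES[interface],  # destination zone for the policy lookup
    }


if __name__ == "__main__":
    # A /32 query finds nothing because no /32 route is installed.
    print(exact_match("10.155.7.33/32"))
    # The FIB lookup picks the /24 over the /16 and the default route.
    print(fib_lookup("10.155.7.33"))
    print(fib_lookup("10.155.9.1"))
    print(fib_lookup("192.0.2.10"))
```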