I have two GlobalProtect installations each configured differently. I can ping and connect to IPv6 destinations just fine. If I run a traceroute to the IPv6 destinations using UDP or ICMP, I do not get the hops before the destination. For example:
Tracing route to google.com [2607:f8b0:4005:80d::200e]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 15 ms 14 ms 14 ms 2607:f8b0:4005:80d::200e
If I use a system that is on-prem, not using GlobalProtect, the traceroutes work fine. We have two WANs, and an Internet connection, and it doesn't matter what path I traceroute across. The same thing happens.
I can get the traceroute to show every hop from the GlobalProtect connected machine if I do the following:
1.) Traceroute using an on-prem system
2.) Record each hop I learned from the on-prem machine
3.) Ping each hop from the GlobalProtect machine
4.) Traceroute from the GlobalProtect Machine
Then the traceroute works! I can't always do this though, especially if there are a lot of router choices and the packets choose a different path. Very weird that pinging each hop in the path gets the traceroute to work.
Has anyone ever experienced issues not getting the hops in the path when tracerouting to IPv6 destinations from GlobalProtect? I am trying to figure out what could be blocking it. The Security Policies we have are wide open outbound.