Traceroute through the firewall will work as of 7.0.1.03 and 8.1.2; it did not work in previous versions of the firewall. In order to pass traceroute through the firewall, an ICMP packet filter rule is required. In my testing, I created an ICMP packet filter rule with the following Generic (Required) application defense settings:
General tab: Default Values (no proxies selected)
Stateful Inspection tab:
- Enable stateful packet inspection
- ICMP Message types (all selected)
- Allowed control and error responses: Default selected ('timxceed_intrans', 'unreach_needfrag', 'unreach_port')
Note: You may also need to allow UDP ports (depending on how you are using tracert), but in my testing I did not need to. Also, in case you reference the Product Guide - it is incorrect and out of date; it still states that, "Traceroute is not allowed through the firewall."
Looks like these firewalls need to be updated then. When I look at Help > About it says Console Version 4.10.
Would you mind pointing me in the direction of where to get the firmware update details?
That is the version of the Admin Console, not the firewall. Go to the Dashboard and see what the 'Version' is, or from CLI, type 'uname -r'. Either way, you can download patches directly to the firewall (if it has Internet access) under the Maintenance - Software management screen (click 'Check for Updates'). You can also download patches from http://www.mcafee.com/us/downloads (use your Grant number to access the site).
Ah, perfect, thanks!
I'm on version 7.01.02 which is one version previous to when you stated it was fixed. Looks like things will need to be updated.
Appreciate your prompt response as always, rdestics.