SD-WAN Diagnostics Tool traffic (ping, traceroute and iperf) is being dropped by firewall policy

Article ID: CTX318232

Description

SD-WAN Diagnostics Tool traffic (ping, traceroute and iperf) is being dropped by a firewall policy manually configured to drop traffic that has not been explicitly allowed.

Resolution

Configure the following three firewall policies to allow ping, iperf and traceroute:

1. Allow ping/ICMP => ANY to IPHOST and vice versa.
*This policy allows ICMP traffic in both the ping and the traceroute case.

2. Allow iperf (running on its default port 5001) => IPHOST to Virtual Path and vice versa.

3. Allow traceroute/UDP => IPHOST to Virtual Path and vice versa.

Apply these firewall rules as a Post-Appliance Template Policy with a lower priority value than the firewall rule that is dropping the Diagnostics traffic, so that the allow rules are evaluated before it.


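To check that the three allow policies only take effect when they are evaluated ahead of the catch-all drop rule, the following added Python model (example code, not part of this article or of Citrix SD-WAN) evaluates first-match policies in priority order. The zone names IPHOST and Virtual Path and port 5001 come from the article; the rule that a lower priority value is evaluated first, the sample flows and the traceroute probe port are assumptions made for the example.

```python
# Added example, not from the article: first-match policy evaluation model.
from dataclasses import dataclass

ANY, IPHOST, VPATH = "ANY", "IPHOST", "Virtual Path"   # wildcard and zone names

@dataclass
class Policy:
    priority: int      # assumption: lower value is evaluated first
    action: str        # "allow" or "drop"
    proto: str         # "icmp", "tcp", "udp" or ANY
    src: str
    dst: str
    dport: object = ANY

    def matches(self, flow):
        proto, src, dst, dport = flow
        return all(rule in (ANY, value) for rule, value in
                   ((self.proto, proto), (self.src, src),
                    (self.dst, dst), (self.dport, dport)))

def evaluate(policies, flow, default="drop"):  # first matching policy wins
    for p in sorted(policies, key=lambda p: p.priority):
        if p.matches(flow):
            return p.action
    return default

def both_ways(priority, proto, a, b, dport=ANY):  # the article's "and vice versa"
    return [Policy(priority, "allow", proto, a, b, dport),
            Policy(priority, "allow", proto, b, a, dport)]

def diagnostics_allow_policies(priority):
    return (both_ways(priority, "icmp", ANY, IPHOST)           # 1. ping/ICMP
            + both_ways(priority, "tcp", IPHOST, VPATH, 5001)  # 2. iperf
            + both_ways(priority, "udp", IPHOST, VPATH))       # 3. traceroute/UDP

DROP_UNLISTED = Policy(100, "drop", ANY, ANY, ANY)  # the manually configured drop rule

# Constructed sample flows: (proto, src zone, dst zone, dst port)
FLOWS = {
    "ping": ("icmp", "LAN", IPHOST, None),
    "iperf": ("tcp", IPHOST, VPATH, 5001),
    "traceroute": ("udp", IPHOST, VPATH, 33434),       # constructed probe port
    "traceroute_icmp_reply": ("icmp", VPATH, IPHOST, None),
    "ssh_from_lan": ("tcp", "LAN", IPHOST, 22),        # unrelated, stays dropped
}

def verdicts(allow_priority):  # verdict per sample flow for a given allow priority
    policies = diagnostics_allow_policies(allow_priority) + [DROP_UNLISTED]
    return {name: evaluate(policies, flow) for name, flow in FLOWS.items()}
```

With `verdicts(10)` the allow rules sit ahead of the drop rule and all Diagnostics flows pass while unrelated traffic is still dropped; with `verdicts(200)` the drop rule matches first and every flow, Diagnostics included, is dropped.
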
Problem Cause

A firewall policy that drops Diagnostics Tool traffic (ping, traceroute and iperf).