This tool helps administrators understand how the firewall will handle specific network traffic — based on the source or destination IP address and port. It is designed to be simple and visual, making routing issues easier to diagnose.
From your firewall's web interface:
- Go to Maintenance
- Select Packet Flow Explore
- Then choose the tab called Route Traces
- Input matching criteria:
- Source IP address (e.g., from your PC).
- Send live traffic packet to Destination IP address (e.g., a ping).
- Filter Protocol (e.g., ICMP).
- Click Capture.
- Observe the result:
- Outgoing interface (e.g., GE1, GE2, or VPN).
Example
Suppose a device at 192.168.11.33 attempts to ping 10.1.1.1. Based on a policy route:
- If destined for 10.1.1.1/32, traffic exits via GE1.
- If destined for 10.1.1.4/24, traffic exits via GE2.
Route Trace confirms this by displaying:
- The ICMP traffic type.
- The matched interface (GE1 or GE2).
For route-based VPNs, it will show the virtual tunnel interface (VTI) as the outbound path, while in policy-based VPNs, the physical interface (e.g., Ge1) is shown.
Note: In ZLD, packets sent through Policy-based VPN, the interface is “doll”.
Comments
0 commentsPlease sign in to leave a comment.