Fortinet black logo

CLI Reference

traceroute

traceroute

Use this command to use ICMP to test the connection between the FortiWeb appliance and another network device, and display information about the time required for network hops between the device and the FortiWeb appliance.

To use this command, your administrator account’s access control profile must have at least r permission to the sysgrp area. For details, see Permissions.

Syntax

execute traceroute {"<host_fqdn>" | "<host_ipv4>"}

Variable Description Default

traceroute {"<host_fqdn>" | "<host_ipv4>"}

Enter either the IP address or fully qualified domain name (FQDN) of the host. No default.

Example

This example tests connectivity between the FortiWeb appliance and docs.fortinet.com. In this example, the trace times out after the first hop, indicating a possible connectivity problem at that point in the network.

FortiWeb# execute traceroute docs.fortinet.com

traceroute to docs.fortinet.com (65.39.139.196), 30 hops max, 38 byte packets

1 192.0.2.200 (192.0.2.200) 0.324 ms 0.427 ms 0.360 ms

2 * * *

Example

This example tests the availability of a network route to the server example.com.

execute traceroute example.com

The CLI displays the following:

traceroute to example.com (192.168.1.10), 32 hops max, 72 byte packets

1 172.16.1.2 0 ms 0 ms 0 ms

2 10.10.10.1 <static.isp.example.net> 2 ms 1 ms 2 ms

3 10.20.20.1 1 ms 5 ms 1 ms

4 10.10.10.2 <core.isp.example.net> 171 ms 186 ms 14 ms

5 10.30.30.1 <isp2.example.net> 10 ms 11 ms 10 ms

6 10.40.40.1 73 ms 74 ms 75 ms

7 192.168.1.1 79 ms 77 ms 79 ms

8 192.168.1.2 73 ms 73 ms 79 ms

9 192.168.1.10 73 ms 73 ms 79 ms

10 192.168.1.10 73 ms 73 ms 79 ms

Example

This example attempts to test connectivity between the FortiWeb appliance and example.com. However, the FortiWeb appliance could not trace the route, because the primary or secondary DNS server that the FortiWeb appliance is configured to query could not resolve the FQDN example.com into an IP address, and it therefore did not know to which IP address it should connect. As a result, an error message is displayed.

FortiWeb# execute traceroute example.com

traceroute: unknown host example.com

Command fail. Return code 1

To resolve the error message in order to perform connectivity testing, the administrator would first configure the FortiWeb appliance with the IP addresses of DNS servers that can resolve the FQDN example.com. For details, see system dns.

Related topics

traceroute

Use this command to use ICMP to test the connection between the FortiWeb appliance and another network device, and display information about the time required for network hops between the device and the FortiWeb appliance.

To use this command, your administrator account’s access control profile must have at least r permission to the sysgrp area. For details, see Permissions.

Syntax

execute traceroute {"<host_fqdn>" | "<host_ipv4>"}

Variable Description Default

traceroute {"<host_fqdn>" | "<host_ipv4>"}

Enter either the IP address or fully qualified domain name (FQDN) of the host. No default.

Example

This example tests connectivity between the FortiWeb appliance and docs.fortinet.com. In this example, the trace times out after the first hop, indicating a possible connectivity problem at that point in the network.

FortiWeb# execute traceroute docs.fortinet.com

traceroute to docs.fortinet.com (65.39.139.196), 30 hops max, 38 byte packets

1 192.0.2.200 (192.0.2.200) 0.324 ms 0.427 ms 0.360 ms

2 * * *

Example

This example tests the availability of a network route to the server example.com.

execute traceroute example.com

The CLI displays the following:

traceroute to example.com (192.168.1.10), 32 hops max, 72 byte packets

1 172.16.1.2 0 ms 0 ms 0 ms

2 10.10.10.1 <static.isp.example.net> 2 ms 1 ms 2 ms

3 10.20.20.1 1 ms 5 ms 1 ms

4 10.10.10.2 <core.isp.example.net> 171 ms 186 ms 14 ms

5 10.30.30.1 <isp2.example.net> 10 ms 11 ms 10 ms

6 10.40.40.1 73 ms 74 ms 75 ms

7 192.168.1.1 79 ms 77 ms 79 ms

8 192.168.1.2 73 ms 73 ms 79 ms

9 192.168.1.10 73 ms 73 ms 79 ms

10 192.168.1.10 73 ms 73 ms 79 ms

Example

This example attempts to test connectivity between the FortiWeb appliance and example.com. However, the FortiWeb appliance could not trace the route, because the primary or secondary DNS server that the FortiWeb appliance is configured to query could not resolve the FQDN example.com into an IP address, and it therefore did not know to which IP address it should connect. As a result, an error message is displayed.

FortiWeb# execute traceroute example.com

traceroute: unknown host example.com

Command fail. Return code 1

To resolve the error message in order to perform connectivity testing, the administrator would first configure the FortiWeb appliance with the IP addresses of DNS servers that can resolve the FQDN example.com. For details, see system dns.

Related topics