Fortinet 648 FortiWeb 5.0 Patch 6 Administration Guide
Testing routes & latency with traceroute
traceroute sends ICMP packets to test each hop along the route. It sends three packets to
the destination, and then increases the time to live (TTL) setting by one, and sends another
three packets to the destination. As the TTL increases, packets go one hop farther along the
route until they reach the destination.
Most traceroute commands display their maximum hop count — that is, the maximum
number of steps it will take before declaring the destination unreachable — before they start
tracing the route. The TTL setting may result in routers or firewalls along the route timing out due
to high latency.
Where ping only tells you if the signal reached its destination and returned successfully,
traceroute shows each step of its journey to its destination and how long each step takes. If
you specify the destination using a domain name, the traceroute output can also indicate
DNS problems, such as an inability to connect to a DNS server.
By default, traceroute uses UDP with destination ports numbered from 33434 to 33534. The
traceroute utility usually has an option to specify use of ICMP ECHO_REQUEST (type 8) instead,
as used by the Windows tracert utility. If you have a firewall and you want traceroute to
work from both machines (Unix-like systems and Windows) you will need to allow both
protocols inbound through your firewall (UDP ports 33434 - 33534 and ICMP type 8).
To trace the route to a device from the FortiWeb CLI
1. Log in to the CLI via either SSH, Telnet, or You can ping from the FortiWeb appliance in the
CLI Console widget of the web UI.