Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

现有一网络,拓扑为出口深信服上网行为管理AC,下接深信服防火墙AF,AC的WAN口接公网,AC的LAN口接AF的WAN口,AF的LAN口为内网PC的网关。AC上做NAT代理上网,AF上不启用NAT。现在内网PC上网正常,ping百度也正常,但是tracert百度的时候,第一跳是AF的内网,第二跳第三跳都是星号*,第四跳就是AC的WAN口的网关,就是运营商的地址了。

在防火墙上去traceroute百度,前两跳仍然不显示。继续排查,发现是深信服AC的机制问题。

关于深信服AC跟踪路由不显示的说明如下:

1、AC设备主要用于上网管理和审计,为了避免被内网终端窥探,及出于网络安全考虑,默认不回复跟踪路由的请求,因此跟踪路由时会显示为*号。
2、截止标准版本上网行为管理12.0.42和全网行为管理13.0.7,AC暂不支持界面设置开启tracert显示AC IP地址功能

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...