Sophos XG Firewall: How to view Trace Route statistics


  • Trace Route is a useful tool that helps determine if a packet or communication stream is being stopped at the device or is lost in the Internet. It does this by tracing the path of a packet from the source system to the destination system over the Internet. Trace Route can be executed from both the Admin Console and the Command Line Interface (CLI).
  • Administrators can use the Trace Route tool to:
  • Find any discrepancies in the network or the ISP network.
  • Trace Route can be executed from the Admin Console and the CLI console. Trace the path taken by a packet from the source system to the destination system, by using the Internet.


  • Trace Route the IP address


Trace Route using the Admin Console

  • You must be logged in to the Admin Console as an administrator with Read-Write permissions for the relevant feature(s).
  • Go to Monitor & Analyze > Diagnostics > Tools, under the Trace Route section, enter the parameters in the table below:
  • Click Trace Route to view route information between the device and specified IP address.
  • The Trace Route Result shows all the routes the data packets traverse through to the destination system from the source system. It also shows the maximum hops and total time taken by the packet to return (in milliseconds). 

Trace Route using the CLI console

  • Log in to SF CLI Console (Telnet or SSH).
  • Choose option 4. Device Console and press Enter.
  • Execute the following command to execute trace route:
  • console > system diagnostics utilities traceroute
  • Here, trace route is executed for the IP address The traceroute command can also be used in conjunction with other parameters such as string, first-ttl, icmp, max-ttl, no-frag, probes, source, timeout or tos. See a description of the other parameters in the table below.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.