ā11-10-201609:27 PM - edited ā03-05-201907:27 AM
Hi all,
I have a question. In my production network I saw in a layer-3 switch there is configured a default route pointing towards next-hop ip (virtual IP of firewall) and the next-hop ip block is configured in a VLAN in the layer-3 switch. When I do trace I do not see the firewall ip address in the trace. Here you can tell that might be firewall is denying ping. But my observation is, if firewall is denying ping then I could see some timeout result for a hop in the trace path. But I did not see any timeout in the trace path rather I saw another IP address which is not the next-hop ip that we configured. Can anyone help to understand what is happening here ?
Actually I do not know as firewalls are being managed by another team. I just saw from my layer 3 switch that for default-route next-hop IP is the firewall's virtual IP where two firewall is working as active and passive mode.
Regards, Deepak Kumar, Don't forget to vote and accept the solution if this comment will help you!
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
