Probes are NOT sent out using the interface as returned by route lookup, so pinging the monitored target IP address from dataplane using CLI is not always a valid test to troubleshoot monitoring probe failures.
Probes are sent out of the same egress interface as configured in the PBF rule, either via the next hop mentioned, or in case of a tunnel interface, via the same tunnel.įurther down the network, these probes should be treated as normal ICMP echo requests and for probes to be successful, proper Access Lists, routes should be configured. do not apply on these probes on the firewall where monitoring is configured. Route lookup/ policy lookup/ nat lookup etc. Probes use ICMP echo requests with the source IP address of the egress interface as configured under the Forwarding tab of the PBF rule. The following KB explain the PBF and Tunnel Monitor, but Path monitor on static route is pretty much the same concept Hi I am afraid that there is no way to see this traffic from the firewall.