1- Check the Routing Table
This command displays the firewall’s routing table to see how traffic is routed, including the default route (0.0.0.0/0).
show routing route
Filter only the default route
show routing route | match 0.0.0.0
2- Check the Route for a Specific Destination (e.g. 8.8.8.8)
To see how a particular destination is being routed, use:
test routing fib lookup virtual-router <Your Virtual Router Name> IP 8.8.8.8
test routing fib lookup virtual-router default ip 8.8.8.8
3. Trace the Route to a Destination (Traceroute)
To check the path the traffic takes to reach a destination:
traceroute host 8.8.8.8
4. Verify Sessions for Internet Traffic
To check active sessions and ensure traffic is flowing through the firewall:
show session all filter destination 8.8.8.8
5. Check NAT Translation (If NAT is Used)
To see how the firewall is translating the source IP:
show running nat-policy
6. Check Global Counters for Drops
To check if packets are being dropped, run:
show counter global filter packet-filter yes delta yes
7. Run a Packet Capture (Optional)
If the issue is still unclear, run a packet capture:
tcpdump filter "host <DESTINATION-IP>"
Example Below : This will show if packets are leaving or being blocked.
tcpdump filter "host 8.8.8.8"