Enabling Traceroute to AWS

Product: Stratusphere FIT/UX

Product Version: All

Expires on: 365 days from publish date

Updated: November 21, 2018



Traceroute not allowed to AWS instance.

Possible resolution:

1. Ensure a connector ID is installed on both endpoint machines (client and AWS) and that they are communicating with the hub.

2. In the Stratusphere Web UI, navigate to Hub Administration > Connector ID Keys > Connector ID Key Properties > Configure Metrics. Perform Trace Route on Remote Sessions must be checked, along with the right protocol. Save the settings.

3. On a Windows server, Windows Firewall blocks inbound Echo requests by default. Allow Echo requests by creating a Windows Firewall exception:

  • Go to Start and type Windows Firewall with Advanced Security
  • Select Inbound Rules
  • Right-click File and Printer Sharing (Echo Request ICMPv4-In) and choose Enable Rule. (There may be separate rules for public/private or domain. Depending on the domain of the hub and machines, you may have to check this for desktops as well.)

Add a Windows Server ICMP Rule to allow Pings and Echos


4. Enable ICMP in the AWS management console

  • First make sure the EC2 instance has a public IP. If it has a Public DNS or Public IP address (circled below), then you should be good. This will be the address you ping.


  • Next make sure the Amazon network rules allow Echo Requests. Go to the Security Group for the instance, right-click, and select inbound rules.

A. Select Add Rule

B. Select Custom ICMP Rule - IPv4

C. Select Echo Request

D. Select either Anywhere or My IP (this would be the client machine)

E. Select Save

Add a Security Group ICMP Rule to allow Pings and Echos
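
As an added example (not part of the original article or the Stratusphere product), the script below performs steps A to E of step 4 with the AWS CLI and scopes the rule to the client machine's address rather than Anywhere. The security group ID `sg-EXAMPLE` and the client address `203.0.113.10/32` are constructed placeholders, and the function names and the `ALLOW_ANYWHERE` variable are hypothetical.

```shell
#!/bin/sh
# Added example: CLI equivalent of "Custom ICMP Rule - IPv4 / Echo Request".
# sg-EXAMPLE and 203.0.113.10/32 are constructed placeholders.

# Return 0 if $1 is a well-formed IPv4 CIDR (octets 0-255, prefix 0-32).
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
  addr=${1%/*}
  old_ifs=$IFS; IFS=.
  set -- $addr            # split the address into its four octets
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Print the --ip-permissions JSON for ICMPv4 Echo Request.
# For ICMP, FromPort carries the ICMP type (8 = Echo Request) and
# ToPort the ICMP code (-1 = any code).
# A /0 source ("Anywhere") is refused unless ALLOW_ANYWHERE=1 is set.
icmp_echo_permission() {
  valid_cidr "$1" || { echo "invalid CIDR: $1" >&2; return 2; }
  if [ "${1#*/}" = 0 ] && [ "${ALLOW_ANYWHERE:-0}" != 1 ]; then
    echo "refusing Anywhere source; set ALLOW_ANYWHERE=1 to override" >&2
    return 3
  fi
  printf '[{"IpProtocol":"icmp","FromPort":8,"ToPort":-1,"IpRanges":[{"CidrIp":"%s"}]}]' "$1"
}

# Add the inbound rule; requires an installed and configured AWS CLI.
# usage: allow_echo <security-group-id> <client-cidr>
allow_echo() {
  perms=$(icmp_echo_permission "$2") || return $?
  aws ec2 authorize-security-group-ingress \
    --group-id "$1" --ip-permissions "$perms"
}

# Runs only when called with two arguments, for example:
#   sh allow-echo.sh sg-EXAMPLE 203.0.113.10/32
if [ "$#" -eq 2 ]; then allow_echo "$1" "$2"; fi
```
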

The traceroute should now be working. You can verify ICMP is allowed by pinging the instance from the client machine. A Traceroute inspector should appear in Stratusphere UX > Advanced > Inspectors.
