Staff

Technical Tip: FortiGate replies to pings on down interface

Forum|Forum|4 years ago
May 21, 2022
0 replies
2752 views

Description

This article describes that FortiGate replies to ping requests to an IP configured on a currently down interface.

Scope

FortiGate.

Solution

There are two cases:

Link is down, but the port is administratively up (e.g., disconnected cable).

FortiGate will reply to a ping request.

There is an up flag:

diagnose netlink interface list

if=port3 family=00 type=1 index=9 mtu=1500 link=0 master=0
ref=14 state=start present no_carrier fw_flags=0 flags=up broadcast multicast

Port is administratively down (set status down).

In this case, FortiGate will not reply.

There is no up flag:

diagnose netlink interface list

if=port3 family=00 type=1 index=9 mtu=1500 link=0 master=0
ref=9 state=present no_carrier fw_flags=0 flags=broadcast multicast

Note: If it is required that an interface always appear as up, a loopback interface is the best option. It remains up at all times and can also be used for Layer 3 testing.

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded