can´t ping ippool from cli @120G 7.2.9 - works fine @80F 7.2.9

Question

Hi,i have these firewall in a test setup (for production) and each has a basic setup.Internal LAN with DHCP, two WAN interfaces, a SD-WAN setup, a single firewall rule for internet traffic.A simple 0.0.0.0/0.0.0.0 static route using SD-WAN and a IP Pool address.IP Pool address 172.17.5.1 with overload and ARP enabled. If i do this on a FG 80F with 7.2.9 i am able to ping this IP from CLI.ICMP is sent from root interface   FortiGate-80F # diagnose sniffer packet any 'host 172.17.5.1' 4 filters=[host 172.17.5.1] 13.410881 root out 172.17.5.1 -> 172.17.5.1: icmp: echo request 13.410891 root in 172.17.5.1 -> 172.17.5.1: icmp: echo request   How would i solve this in a 120G with 7.2.9  FortiGate-120G # diagnose sniffer packet any 'host 172.17.5.1' 4 filters=[host 172.17.5.1] 2.693988 port2 out 85.132.211.22 -> 172.17.5.1: icmp: echo request 3.694028 port2 out 85.132.211.22 -> 172.17.5.1: icmp: echo request   Both, 120G and 80F have  WAN1 / static and WAN2 / DHCP.SD-WAN has both WAN interfaces as a member. What do i need to change?

tpatel · Answer

Hello Jab,

Have you configured ippool ip address as secondary ip address on wan interface ?
Can you please try to assigned ip address as secondary ip address on interface and try to ping.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interface/ta-p/226046

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded