edisonwang66
New Member
September 22, 2022
Question

Crazy fortigate forwarding behavior

  • 4 replies
  • 2372 views

Hey,

One of my computers with IP 10.10.11.152 gets ping timeouts to its gateway, the FortiGate firewall's internal interface with IP 10.10.11.1. However, other servers on the subnet, like 10.10.11.150, can ping 10.10.11.1. When I did a ping capture on the firewall, I saw the following output. The reply packets are not going out through the internal interface but through a "root" interface, and I have never created any interface called root. It's so confusing. Has anyone ever seen this crazy behavior before? Any solution to fix this issue? Thank you.

# diagnose sniffer packet any "host 10.10.11.1 and icmp" 4
5.779616 internal in 10.10.11.152 -> 10.10.11.1: icmp: echo request
5.779668 root out 10.10.11.1 -> 10.10.11.152: icmp: echo reply
5.779678 root in 10.10.11.1 -> 10.10.11.152: icmp: echo reply

4 replies

jintrah_FTNT
Staff
September 23, 2022

Hi,

The configuration on the device is not understood. Please gather the output of the commands below so the behavior can be checked:

show sys settings
show sys global
show firewall ippool
show firewall vip
show router policy
get router info routing-table all

You may also run debug flow as detailed here: Troubleshooting Tip: First steps to troubleshoot c... - Fortinet Community, to understand the behavior better.

Best regards,

Jin

tthrilok
Staff
September 23, 2022

Hi Edison,

Thank you for the query!

From the query, I understand you are not able to ping the firewall IP from one specific user machine.

Could you please confirm whether you are seeing the 10.10.11.0/24 route on the Internal interface?

Please share the output of the command:

get router info routing-table details 10.10.11.152

Also please share the below debugs:

di de reset
di de flow filter addr 10.10.11.152
di de flow filter proto 1
di de fl sho ip en
di de fl trace start 1000
di de en

Once you run the above commands in the firewall CLI, please try to ping the firewall IP from 10.10.11.152. Once it is finished, please stop the debug using:

di de di
di de reset

sicherif
New Member
May 24, 2024

Hello,

I have the same issue with my FortiGate:

8:38:58.553652 TRANSPORT in 10.136.100.1 -> 10.143.155.1: icmp: echo request
2024-05-24 18:38:58.553764 root out 10.143.155.1 -> 10.136.100.1: icmp: echo reply
2024-05-24 18:38:58.553771 root in 10.143.155.1 -> 10.136.100.1: icmp: echo reply

Did you find a solution for that? Thank you.

hbuenafe81
Explorer III
December 19, 2024

Did anyone figure out what causes this root response? The below solved my issue.

set arp-reply disable
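As an added example (not code from this thread, from Fortinet, or from any of the posters): a small Python script that reads `diagnose sniffer packet ... 4` output like the captures quoted above, flags every echo reply the FortiGate sent out on a different interface than the request arrived on (here `internal` in, `root` out), and then checks each affected client address against the `show firewall vip` and `show firewall ippool` output that jintrah_FTNT asked for. The cross-check rests on an assumption the thread points at but never confirms: that a VIP or IP pool whose range includes the client's own address is what makes the firewall answer from `root`, which would be why `set arp-reply disable` on that object is the fix hbuenafe81 reports. All sniffer lines and configuration objects in the script are constructed samples modelled on the thread; the object names and the 192.168.50.x mapped addresses are invented.

```python
import ipaddress
import re

# Constructed sample of `diagnose sniffer packet any "host 10.10.11.1 and icmp" 4`
# output modelled on the thread; relative and absolute (date + time) timestamps.
SNIFFER_OUTPUT = """\
5.779616 internal in 10.10.11.152 -> 10.10.11.1: icmp: echo request
5.779668 root out 10.10.11.1 -> 10.10.11.152: icmp: echo reply
5.779678 root in 10.10.11.1 -> 10.10.11.152: icmp: echo reply
6.102211 internal in 10.10.11.150 -> 10.10.11.1: icmp: echo request
6.102240 internal out 10.10.11.1 -> 10.10.11.150: icmp: echo reply
2024-05-24 18:38:58.553652 TRANSPORT in 10.136.100.1 -> 10.143.155.1: icmp: echo request
2024-05-24 18:38:58.553764 root out 10.143.155.1 -> 10.136.100.1: icmp: echo reply
"""

# Constructed `show firewall vip` and `show firewall ippool` output. Object names
# and the 192.168.50.x mapped addresses are hypothetical, not from the thread.
CONFIG_OUTPUT = """\
config firewall vip
    edit "dnat-test"
        set extip 10.10.11.152
        set mappedip "192.168.50.10"
    next
    edit "web-vip"
        set extip 203.0.113.10-203.0.113.20
        set mappedip "192.168.50.20"
        set arp-reply disable
    next
end
config firewall ippool
    edit "snat-pool"
        set startip 10.136.100.1
        set endip 10.136.100.20
    next
end
"""

# One verbose-4 sniffer line: [date] timestamp iface in|out src -> dst: icmp: echo ...
SNIFF_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2}\s+)?\S+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):\s+icmp:\s+echo\s+(?P<kind>request|reply)$"
)


def find_asymmetric_replies(sniffer_text):
    """Return (client, request_iface, reply_iface) for each echo reply the
    firewall emitted on a different interface than the request arrived on."""
    ingress = {}  # (client, firewall_ip) -> interface the request came in on
    findings = []
    for line in sniffer_text.splitlines():
        m = SNIFF_RE.match(line.strip())
        if not m:
            continue
        f = m.groupdict()
        if f["kind"] == "request" and f["dir"] == "in":
            ingress[(f["src"], f["dst"])] = f["iface"]
        elif f["kind"] == "reply" and f["dir"] == "out":
            key = (f["dst"], f["src"])  # reply runs firewall_ip -> client
            if key in ingress and ingress[key] != f["iface"]:
                findings.append((f["dst"], ingress[key], f["iface"]))
    return findings


def parse_address_objects(config_text):
    """Parse VIP extip (single IP or a-b range) and ippool startip/endip into
    (name, first_ip, last_ip, arp_reply); `show` omits arp-reply at its default."""
    objects, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = {"name": line.split(None, 1)[1].strip('"'), "arp-reply": "enable"}
        elif current is None:
            continue
        elif line.startswith("set extip "):
            first, _, last = line.split()[2].partition("-")
            current["startip"], current["endip"] = first, last or first
        elif line.startswith(("set startip ", "set endip ", "set arp-reply ")):
            _, setting, value = line.split()
            current[setting] = value
        elif line == "next":
            if "startip" in current:
                objects.append((current["name"], ipaddress.ip_address(current["startip"]),
                                ipaddress.ip_address(current["endip"]), current["arp-reply"]))
            current = None
    return objects


def diagnose(sniffer_text, config_text):
    """Per client answered from the wrong interface: the two interfaces and the
    VIP/ippool objects whose range claims its IP (the assumed cause)."""
    objects = parse_address_objects(config_text)
    report = {}
    for client, req_if, rep_if in find_asymmetric_replies(sniffer_text):
        ip = ipaddress.ip_address(client)
        report[client] = {"request_iface": req_if, "reply_iface": rep_if,
                          "covered_by": [(n, a) for n, lo, hi, a in objects if lo <= ip <= hi]}
    return report
```

Run `diagnose(SNIFFER_OUTPUT, CONFIG_OUTPUT)` to get one entry per affected client; with the constructed data, 10.10.11.152 is reported as answered from `root` and claimed by the `dnat-test` VIP (arp-reply still at its default), while the control host 10.10.11.150, whose reply left on `internal`, produces no entry. In practice you would paste the real sniffer capture and the real `show` output in place of the two sample strings.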