Execute traceroute showing first and last hop 127.0.0.1 for connected subnet

Forum|Forum|5 years ago
November 5, 2020
1 reply
20849 views

I have a FortiGate 100e device in which I have taken out one LAN port and set WAN role on it. I have assigned a /30 subnet IP address to the port. The port is up and I can PING it from other zones. However, I cannot PING the remote IP address of the /30 subnet. Execute traceroute shows the only hop as 127.0.0.1. I have deployed ANY-ANY policy from LAN to the above interface but PING from LAN workstation to remote /30 IP address gets DESTINATION HOST UNREACHABLE reply from firewall. I am at my wit's end. Please help.

boneyard

Valued Contributor

is the remote IP address in the arp table?

get sys arp

is the IP 127.0.0.1 configured on the firewall?

Deep_BanerjiAuthor

New Member

'get sys arp' is not showing the port in question. I ran 'diag sniff packet <port> 4' which is only showing arp requests. No arp replies. But when I connect the cable to a laptop it works. Btw, this is an Internet link with publicly available IP. Is there some problem with FGT ARP request which makes the next-hop ignore the ARP request?

No, 127.0.0.1 is not configured on the FGT. Firmware version is v5.6.4

boneyard

Valued Contributor

Deep Banerji wrote:
Is there some problem with FGT ARP request which makes the next-hop ignore the ARP request?

there might be if the configuration isnt correct

if you connect a laptop you say it works, you connect the laptop to the same interface on the internet modem / router?

do you configure an IP on the laptop or use DHCP?

what is the one LAN port configuration?

can you share some of the arp request sniffer output?

also please upgrade, 5.6 is not supported any more. not going to fix this, but just a good idea.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded