Skip to main content
imei-ianv
imei-ianv
New Member
September 23, 2022
Question

FortiGate 100E Ping Response - Expected Result?

  • September 23, 2022
  • 3 replies
  • 3416 views

Hey all,

 

This could be a general question on FortiGate products, not sure yet.

 

I have a FortiGate 100E on 6.0.5. Configuring and testing a WAN port.

If I exec ping <gateway> I get an expected response.

But when I exec ping 1.1.1.1 or exec traceroute 1.1.1.1 (or any other IP beyond my gateway) the response I get is:

traceroute to 1.1.1.1 (1.1.1.1), 32 hops max, 3 probe packets per hop, 72 byte packets

 1  127.0.0.1 <localhost>  883.985 ms !H  2993.665 ms !H  2999.748 ms !H

 

I am troubleshooting a new WAN, so no connectivity beyond gateway is not what I need help with.

I just want to know, is it normal to receive a response from localhost?

Looking at the timing, ~ 3000ms, this would indicate a failure / timeout, but why respond with localhost instead of with just a simple Response timed out?

3 replies

tthrilok
Staff
tthrilok
Staff
September 23, 2022

Hi Imei,

 

Thank you for the query!

 

I understand when you are pinging gateway you are receiving the response, however when you are pinging or traceroute to 1.1.1.1, you are seeing response from the 127.0.0.1.

 

Could you please confirm if this is happening only for 1.1.1.1 or anything on the internet.

 

Please share the output of the commands:
get router info routing-table details 1.1.1.1

get router info routing-table all

 

Thank you!

 

imei-ianv
imei-ianvAuthor
New Member
September 23, 2022

Any IP beyond the gateway causes this behaviour.

 

I cannot get immediate access to the device, so am unable to run your commands.

However, I checked routing (including using get router info routing-table) and I didn't see anything abnormal. 0.0.0.0\0 was destined for the gateway IP.

jintrah_FTNT
Staff
jintrah_FTNT
Staff
September 23, 2022

Hi,

 

Check the routing, it appears there is an issue in the next-hop derivation (if you were using dynamic routing like BGP(I presume), check the next-hop or may be there is an entry in the routecache with an invalid gateway ip).

 

Best regards,

Jin

imei-ianv
imei-ianvAuthor
New Member
September 25, 2022

No, static routing.

So, are we saying, that 'exec ping 1.1.1.1' would return 127.0.0.1 (localhost) if the gateway is unreachable? And would never state 'destination unreachable' or 'response timed out' ?

jintrah_FTNT
Staff
jintrah_FTNT
Staff
September 26, 2022

No, you would get destination unreachable or response time out on other conditions. Your response for traceroute indicated was !H, indicating no proper hop, so you should check the gateway IP of the route seen in the route table is valid or not.  You can post the route table, and the rtcache for better visiblity. You may also try restarting the routing, flushing the route cache or restarting the device, if you have already determined the gateway in the route table is valid.

 

Best regards,

Jin

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
September 26, 2022

The first hop with 127.0.0.1 is your gateway device, not your FGT itself. If you sniff packets on the interface connected to the gateway, you would see what the gateway is returning.

 

Toshi

Terms & ConditionsAccessibility statement