NotMine
Explorer III
March 15, 2017
Question

FortiGate does not PING its own interface

  • 7004 views

Hello everyone,

I've had an interesting case today and I wondered if anyone on the World Wide Web can shed some light on it. Namely, I've configured an FGT-300D (5.2.10) with a very simple configuration. There were three active ports, but I could not PING one of them from the FGT itself. PING was enabled on all interfaces, but the FGT was unable to ping its own interface?! Traceroute indicated that the FGT was using the default route to try to reach the problematic interface's IP address, even though the routing table contained the "connected" route to the interface's network.

Has anyone encountered a similar situation?

Thanks,

Slavko

1 reply

brycemd
New Member
March 15, 2017

Just double checking, but did you do an 'execute ping-options source x.x.x.x' to specify the source IP to ping from?

This has bitten me a few times when testing site-to-site VPN.

NotMine
Author
Explorer III
March 16, 2017

Hello,

Thank you for your reply. This was a brand new device, and I performed a factory reset while upgrading the firmware. I did not change any ping options, so I presume the device should select the most appropriate source to PING from (i.e. the connected port). Admittedly, I did not flow trace the traffic, only traceroute-d.

Furthermore, what "corrected" the situation was that I changed the interface's IP address to an arbitrary value. This IP I was able to PING. Then, I changed the IP address back to the problematic one, and it worked - I could PING the interface from the FGT itself, and the traffic to/from that network segment started to flow as intended.

Slavko