robinsonb
Visitor III
June 21, 2022
Question

GCP Fortigate I can’t ping 8.8.8.8 on my private network


I cannot ping Google from my private interface, but I can ping Google with my public interface. I used the Terraform code that Fortinet offers for deploying it on GCP: https://github.com/fortinet/fortigate-terraform-deploy/tree/main/gcp/7.0/ha

 

This is the representation of the network I’m trying to get:

xoIVh.png

 

My firewall rules for the private VPC:

EaRoB.png

My gateway :

 

KfM5g.png

 

 

My Nat :

 

Zedfe.png

 

 

My network policy gcp connector :

 

lCwcX.png

 

 

I use a Debian 9 for my private network:

 

oVOlK.png

 

Logs I get during tests:

AdGpb.png
fzWJo.png
SpDZ0.png

I can't ping my Debian with my Fortinet:

Capture.JPG

 

If you have any idea what it can be, I am interested.

2 replies

Anthony_E
Staff
June 24, 2022

Hello robinsonb,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Best Regards
robinsonb
Author
Visitor III
June 24, 2022

Hello Anthony and thank you for the support. If you need more information let me know.

 

Regards,

sjoshi
Staff
June 24, 2022

Dear robinsonb,

 

Thank you for posting to the Fortinet Community Forum.

 

As per your description, you are not able to ping 8.8.8.8 from your private NW, but from the FGT it is working fine.

 

NW Topology:-
172.16.1.7--FGT--ISP--8.8.8.8

 

Please run the following cmd:-
diag sniff packet any 'host 8.8.8.8 and icmp' 4
diag sys arp | grep 172.16.1.7
get router info routing-table all

 

Please share the output with me.

 

Thanks

Thanks, Salon
robinsonb
Author
Visitor III
June 24, 2022

Hello Salon Raj Joshi, thank you for your help.

Not exactly, I manage to ping Google only from my WAN interface. If I am on my LAN interface, I can't ping.

t.png

 

q.png

d.JPG.png

y.png

 

u.png

 

Here are the screenshots you asked for. If you want further information, I am at your disposal. Thank you again for your help.

 

sjoshi
Staff
June 24, 2022

Dear robinsonb,

 

As per the output, I could see that there is no ARP entry for the source PC connected on port 2.
Check whether you can ping the GW (port2 IP) from the PC.
Take a policy lookup to see whether the policy which you have configured is matching.
Please find the link for your reference:-
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/184224/policy-and-route-lookup#:~:text=Policy%20Lookup%20allows%20administrators%20to,would%20be%20triggered%20for%20it.

 

Thanks

Thanks, Salon