Tutek
New Member
December 1, 2022
Question

How to change default ping options

Hello,

My pings from the console work only when I first enable "use-sdwan yes" before any ping, but after a while the pings stop working, as this is a temporary setting. I see that pings have Default settings and there is Use-Sdwan: disable. How do I change that default setting?

FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes

--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

FGT # execute ping-options use-sdwan yes

FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
64 bytes from 173.243.140.53: icmp_seq=0 ttl=54 time=26.5 ms
64 bytes from 173.243.140.53: icmp_seq=1 ttl=54 time=27.0 ms
64 bytes from 173.243.140.53: icmp_seq=2 ttl=54 time=26.4 ms
64 bytes from 173.243.140.53: icmp_seq=3 ttl=54 time=26.5 ms
^C
--- 173.243.140.53 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 26.4/26.6/27.0 ms

FGT # execute ping-options view-settings
Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interface: auto
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: no

Default Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interval: 1
Interface: auto
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: disable

2 replies

msolanki
Staff
December 3, 2022

Hi Tutek,

This is the default behavior, and these options are valid within a specific session. For example, if you connect to the FortiGate via SSH and configure these options, they will be valid for this SSH session. When you disconnect, these options will be set to default. And when you connect next time, you will have to specify these options again.

I believe you are looking for FortiGuard traffic, which is treated as locally originated traffic. Please check the KB articles below, which might help you.

https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-control-change-the-FortiGate-source-IP-for/ta-p/194903

https://community.fortinet.com/t5/FortiGate/Technical-Tip-CLI-command-to-check-the-use-of-source-ip-setting/ta-p/194396

Thanks

Madhav

Tutek
Author
New Member
December 4, 2022

If I cannot change "Default Ping Options", I don't know why my pings from the CLI do not work.

I have a static default route 0.0.0.0/0 through the sd-wan virtual-wan-link; in the sd-wan rules I have a default rule at the bottom for internet traffic:

source (all) destination (all) - sd-wan members (wan1, wan2).

Now, no matter what source interface the FortiGate picks for its DNS traffic, it should always follow my default sd-wan rule because it has source (all).

As far as I know, self-originating traffic doesn't need an IPv4 policy to be allowed, so can anyone explain to me why my pings are not working?

FGT (static) # show
config router static
    edit 1
        set distance 1
        set sdwan enable
    next

FGT (dns) # show
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set domain "company.local"
    set interface-select-method sdwan
end

        edit 6
            set name "Internet_Out_Wan2"
            set dst "all"
            set src "all"
            set priority-members 2 1
        next
    end
end

FGT (sdwan) #

FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
^C
--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss