MTCI
New Member
October 15, 2012
Question

ICMP echo (PING) replies from secondary IP address

  • 2 replies
  • 6215 views
While helping a client set up an SSH server interface with a healthcare vendor I've run into a strange request I'm having difficulty fulfilling. This server is to be accessed via a secondary public IP address. The vendor wants this server to respond to ICMP echo (PING) requests. With a secondary valid public IP address, I’ve set up a Dynamic IP Pool and have used it to create an Internal – WAN policy for the SSH service. Traffic is now reaching the SSH server as intended. I cannot seem to sort through how to get the PING thing working. From the FortiGate I can successfully ping the local IP of the server. With other TCP/UDP services, the typical way to do port forwarding (via VIP) doesn’t cover services such as ICMP. I’ve also tried adding the second public IP address as a secondary address to the WAN1 interface… but that didn’t work either. Ideas? I’ve not found anything in the Forum that applies.

    Carl_Wallmark
    New Member
    October 15, 2012
    Hi, there is only one option: do a full one-to-one NAT External -> Internal VIP. I requested a few years ago to be able to forward ICMP in a VIP... other vendors do this.
    fortigate2
    New Member
    March 22, 2013
    I also have 3 public IPs (External IP) and want to reply to PING from the 2nd and 3rd IPs. I have created a 1:1 NAT to the 2nd and 3rd public IPs in Virtual IP but can't get PING working on the 2nd and 3rd IPs; only the 1st public IP can reply to PING. Do I need to create a policy to allow PING to the 2nd and 3rd public IPs?
    MTCI
    Author
    New Member
    October 15, 2012
    Thanks - just spoke to FortiEngineer Ryan Archer, who directed me to do this same thing and then refine what gets through via FWP's with services. ...working now!
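
The approach the thread settles on, sketched as an added FortiOS CLI example (not posted by any participant): a static one-to-one VIP with port forwarding left off, so ICMP is translated along with everything else, and a WAN-to-internal policy that narrows what passes to SSH and PING. The addresses, the VIP name and the "internal" interface name are constructed placeholders; a VIP passes no traffic until a policy references it as the destination address.

```fortios
# Constructed values: 203.0.113.10 = secondary public IP,
# 192.168.1.50 = internal SSH server, "ssh-server-1to1" = hypothetical VIP name.
config firewall vip
    edit "ssh-server-1to1"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.50"
        # portforward stays at its default (disable): full one-to-one NAT,
        # which covers ICMP as well as TCP/UDP.
    next
end

config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        # "all" is used here for brevity; an address object for the vendor's
        # source range can be substituted to narrow exposure further.
        set srcaddr "all"
        set dstaddr "ssh-server-1to1"
        set action accept
        set schedule "always"
        # Only these predefined services are allowed through the one-to-one NAT.
        set service "SSH" "PING"
    next
end
```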