ping external IP address using Virtual IP + Port forwarding

Hi, have you checked PING on your external interface ? Make sure you don´t do a One-to-One nat when you do your VIP. And remember that you can´t do a VIP for Ping, since it is a ICMP request, you can only do VIPs for UDP and TCP.

I know about the limitations with ICMP and VIP (although I don' t understand why it' s not possible to redirect ICMP using VIP...) So the big question is: how can I tell my fortigate unit to answer icmp requests for external ip addresses directly without forwarding to a server behind the firewall? All I want is to get a response when i ping an address, but I don' t care if the server behind the firewall is really reachable or not - i just want to get an answer directly from the fortigate unit. Any ideas? Thanks!

You have to EDIT your interface, STATUS -> Network -> WAN1 (for example) Check the PING box, then it should respond to ping requests.

What your asking, is for the firewall to intercept icmp and answer on behalf of the intended target. Don' t think that possible. I never seen that done in that manner. One usually create VIP ip to ip match and crafts a fw-policy allowing all allowed traffic types thru.

Hi! Thanks for the answers! The problem with editing the status-network-wan1 settings is that only the public ip address assigned to wan1 is getting ping responses using this option. I' ve already tried to add my other public ip addresses as " secondary addresses" to wan1 but this is not possible. @emnoc: in the past I' ve also done it this way, but currently I need to change the settings and use port redirection and I know that it is not possible to define icmp redirection using vip but there should be at least one way to get an answer to ping requests... Thanks!