Skip to main content
HS08
HS08
Visitor III
March 10, 2025
Question

Ping timeout

  • March 10, 2025
  • 3 replies
  • 1264 views

I do ping 10.103.248.44 and the ping is reply, when i do sdwan failover i can see the ping is always timeout.

We must change the ping to other host example 10.103.248.45 and the ping is reply.

Seem the fortigate icmp session to 10.103.248.44 is cached and will be reply if the cache was refreshed.

Anyone know how we can fix this?

3 replies

AEK
SuperUser
AEK
SuperUser
March 10, 2025

Can you share the output:

show full sys global | grep snat
AEK
HS08
HS08Author
Visitor III
March 11, 2025

the result is "set snat-route-change disable"

AEK
SuperUser
AEK
SuperUser
March 11, 2025

Can you enable it and try again?

AEK
AEK
SuperUser
AEK
SuperUser
March 11, 2025

Can you check if preserve-session-route is enabled for each SD-WAN interface members?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/197976

AEK
AEK
SuperUser
AEK
SuperUser
March 11, 2025

You may check firewall-session-dirty as well.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Information-about-firewall-session-dirty/ta-p/195802

AEK
Terms & ConditionsAccessibility statement