Skip to main content
Umesh
Umesh
Explorer II
May 11, 2022
Question

public IPs is not reachable

  • May 11, 2022
  • 2 replies
  • 3182 views

Hi all,

 

I have been facing the issue for a long time and couldn't resolve the issue, I thought, should share my query with you all.

let me explain first - 

Let's suppose - my public IP is - 1.1.1.1 which is the LAN IP pool that is natted at the Fortigate firewall and my site is hosting with its public IP.

and ping is also allowed for this ip.

so this IP should be reachable from every location like - USA. Singapore, India, etc.

actually, I am not able to ping this from a different -2 location even my laptop as well when I am trying to ping it.

Please share your opinion.

 

thank you

2 replies

jintrah_FTNT
Staff
jintrah_FTNT
Staff
May 11, 2022

Hi Umesh,

 

Is this IP 1.1.1.1 configured on FortiGate interface? When you do tracert from that 2 locations  to 1.1.1.1, what is the last hop IP address seen? Is that last hop IP the same as the gateway IP address for FortiGate?

 

Best regards,

Jin

Umesh
UmeshAuthor
Explorer II
May 11, 2022

No, this IP address is the LAN ip pool which has been provided by ISP and that is natted on Fortinet firewall lets suppose -

 

1.1.1.1 - 2.2.2.2 

 

why 1.1.1.1 is not reachable from outside even I have enabled ping for this policy.

and public IP always should be reachable from every location.

right.

what's your guess on this.

jintrah_FTNT
Staff
jintrah_FTNT
Staff
May 11, 2022

ok, so there is no 'real or virtual' host, or an interface that has IP 1.1.1.1 inorder to respond back, and the ippool is only used when traffic from lan to outbound is to be Nat'ed. Therefore, no response is expected. 

 

Best regards,

Jin

seshuganesh
Staff
seshuganesh
Staff
May 11, 2022

Hi,

 

could you please execute these commands in firewall:

diag sniffer packet any 'a.b.c.d and icmp' 4 0 a (where a.b.c.d is the ip from where you are pinging your webserver public ip)

please initiate ping, check whether the packet is reaching the firewall or not and please keep us posted.

 

Also share us the screenshot of VIP configuration you have done in the fortigate firewall.

 

jintrah_FTNT
Staff
jintrah_FTNT
Staff
May 11, 2022

IP is used in ippool. VIP is not mentioned and therefore assumed not in use. 

 

Best regards,

Jin

Terms & ConditionsAccessibility statement