S2S IPsec FortiGate Wont come up, Can not ping 2 of the 3 sites from FG or Windows

Forum|Forum|4 years ago
July 1, 2021
1 reply
1501 views

Hi all! Still learning the FortiOS and have run into a issue and its time critical i get it fixed ( Sites need to print Paychecks tomorrow )

So 2 of my 3 tunnels when down and i started with trying to ping the Public IPs and sure enough from CLI Fortinet/windows i can not ping those public IPs but if i log into the comcast modem can ping the public IP addresses and if i go to the other 3 sites and ping the Main sites IP that come back as responding from Fortinet/Windows and the Modems. Any ideas on what may have gone down or broke?

Any help is appreciated!

lgupta

Staff

Hello Geovantae, good day!

sure enough from CLI Fortinet/windows i can not ping those public IPs
>>> please grab the output of the following from FGT CLI: [please obfuscate sensitive details]

exe ping 1.1.1.1
get router info routing-table all
get router info routing-table details 1.1.1.1
get router info routing-table details <Remote-public-IP>

These commands will verify the routing on the FortiGate.

Also, here are few articles you can follow to TS the issue:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Routing-Issue/ta-p/195727
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-Tunnel/ta-p/195672

Much Thanks.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded