Troubleshooting Fortigate Lack of Ping Response (ICMP)

Question

Is there a way to see why a Fortigate will not send an ICMP response?

I have a batch of Fortigate 80Es with the same configuration template.

Some of the Fortigates will stop responding to ping responses back to the switch (connected to a 2000E). The ping goes from my switch and the destination is the 80E loopback IP. The ICMP request does arrive on the Fortigate.

I am using the command below on the CLI of the 80E to troubleshoot the ping failures.

diag sniffer packet any 'icmp' 4

I can see the ICMP requests come in. Most of the Fortigates will send an ICMP reply back and the test passes. There are a few Fortigates that simply do not send an ICMP reply. I don't see a difference between the two different Fortigates that behave differently.

Is there a way to see why a Fortigate will not send an ICMP response?

Toshi_Esumi · Accepted Answer

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560 Try Step 4: Debug flow.That would show you what it's ignored or dropped. Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded