fl0at0xff
New Member
May 1, 2018
Solved

Unable to ping VLAN interface if admin trusted host is used

  • May 1, 2018
  • 1 reply
  • 8799 views

Hello all,

I found a very strange behavior. I have a Fortigate with VDOM enabled. In my VDOM named C1_INFRA, I have some VLAN interfaces. Each of these VLAN interfaces has PING access enabled.

The VLAN interface is always the gateway for the subnet. For example, I have a VLAN 10.200.3.0/24, the VLAN interface on my Fortigate is 10.200.3.1 (with PING access enabled) and I have a device connected on this same VLAN using 10.200.3.253 as IP address. The device was unable to ping the gateway 10.200.3.1 but it is able to ping another device on the same VLAN. After a lot of research, I saw in the local-in policy that my PING from 10.200.3.253 (my device) to 10.200.3.1 is denied.

I tried to create a new local-in policy but no success. I finally found the reason why my ping was rejected by the Fortigate. I configured some administrators and allowed access only from specific subnets (use of Trusted hosts). My subnet 10.200.3.0/24 was not in the list (and it is correct, I don't want to allow login to the Fortigate from 10.200.3.0/24)... If I add the subnet 10.200.3.0/24 to the Trusted hosts of at least one administrator, the ping passes... So as a workaround, I created a fake administrator with a profile which has access to nothing and added 0.0.0.0/0 as trusted host. All is working now but I think that this solution is very tricky.

Do you have another solution to allow the ping on a local interface even if trusted hosts have been configured? Thank you in advance.
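The workaround described in the post, written out as FortiOS CLI so it can be reproduced and checked (an added example, not configuration from the original thread; the interface and admin names, the parent port, the VLAN ID, the other admin's trusted subnet and the placeholder password are assumptions):

```fortios
# Global context on a VDOM-enabled unit: interfaces and admins are defined here.
config global
    # The VLAN interface from the post: gateway 10.200.3.1 with ping allowed.
    # "vlan3", "port1" and the VLAN ID are assumed values.
    config system interface
        edit "vlan3"
            set vdom "C1_INFRA"
            set interface "port1"
            set vlanid 3
            set ip 10.200.3.1 255.255.255.0
            set allowaccess ping
        next
    end
    # An access profile that grants nothing: the placeholder admin below uses it,
    # so even a successful login to that account can change nothing.
    config system accprofile
        edit "no-access"
            set comments "placeholder profile, no permissions"
            set sysgrp none
            set netgrp none
            set fwgrp none
            set loggrp none
            set vpngrp none
            set utmgrp none
        next
    end
    config system admin
        # A real administrator keeps a restricted trusted host (10.200.1.0/24 assumed);
        # 10.200.3.0/24 is deliberately not in the list.
        edit "admin-infra"
            set vdom "C1_INFRA"
            set accprofile "prof_admin"
            set trusthost1 10.200.1.0 255.255.255.0
        next
        # The workaround from the post: one admin whose trusted host is 0.0.0.0/0,
        # which lifts the trusted-host deny that was blocking local-in ping.
        edit "dummy-trusthost"
            set vdom "C1_INFRA"
            set accprofile "no-access"
            set trusthost1 0.0.0.0 0.0.0.0
            set password "REPLACE-WITH-LONG-RANDOM-PASSWORD"
        next
    end
end
# Verify from the VDOM: trace ICMP from the device to the gateway and confirm
# the packet is no longer dropped by the local-in check.
config vdom
    edit C1_INFRA
        diagnose debug flow filter saddr 10.200.3.253
        diagnose debug flow filter daddr 10.200.3.1
        diagnose debug flow filter proto 1
        diagnose debug flow trace start 10
        diagnose debug enable
    end
```

Run the `diagnose debug flow` block once before and once after adding the placeholder admin to see the change in the trace, and stop it with `diagnose debug disable` and `diagnose debug flow trace stop` afterwards.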

    Best answer by NKL
    This behavior is actually by design, see Fortinet Knowledge Base: http://kb.fortinet.com/kb...Id=10876&sliceId=1

    1 reply

    NKL (Answer)
    New Member
    May 1, 2018
    This behavior is actually by design, see Fortinet Knowledge Base: http://kb.fortinet.com/kb...Id=10876&sliceId=1

    fl0at0xff (Author)
    New Member
    May 2, 2018

    NKL wrote:
    This behavior is actually by design, see Fortinet Knowledge Base: http://kb.fortinet.com/kb...Id=10876&sliceId=1

    Hello, thank you. Yes, I saw it and know that it is by design, but the proposed solution seems really tricky. It is not "normal" or "obvious" that we have to create an administrator account to permit ping on an interface... The "Ping" option when we configure an interface must have priority over Trusted hosts...