Dyop_Geop
New Member
September 11, 2014
Question

VIP with port forwarding, allow icmp

I think this is an easy question for guys with great Fortinet experience. I just can't find any documents supporting this claim that.... Is it true that ICMP/ping is not allowed when you do a Virtual IP with port forwarding?

Situation: example: Server inside LAN network with private IP address, given its own public IP address, but only http, ssh, ping allowed access.

Virtual IP:
Public IP >>> Private IP - SSH (external port 22 mapped to 2200)
Public IP >>> Private IP - http (external port 80 mapped to 80)

How about ping? If we uncheck the port forwarding option, pings will be received.

    4 replies

    ede_pfau
    SuperUser
    September 11, 2014
    ICMP is only passed if TCP/UDP port forwarding is not enabled. ICMP is a different protocol. A VIP without port forwarding can even pass other IP protocols, but with ports, TCP and UDP only. If you want to check a device's presence, maybe you could use "TCP ping"? I don't know of any tool available, but even in FortiOS the Dead Gateway Detection is able to use ICMP or TCP or UDP pings.
    netmin
    New Member
    September 11, 2014
    A small tool: http://technet.microsoft.com/en-us/sysinternals/jj729731.aspx
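The "TCP ping" suggested in the replies above, as an added example (not code from the thread or from Fortinet): it probes the VIP's external ports, here 22 and 80 from the question, and treats any TCP reply as proof that a device answered. The address 203.0.113.10 and all function names are assumptions made for illustration.

```python
import socket
import sys
import time
from collections import Counter

def tcp_ping(host, port, timeout=2.0):
    """One TCP connect probe; returns (state, rtt_ms or None)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"        # SYN/ACK: the forward works and the service answered
    except ConnectionRefusedError:
        state = "closed"          # RST: something answered, but nothing is listening
    except (socket.timeout, TimeoutError):
        return "filtered", None   # no reply at all: dropped, or host down
    except OSError:
        return "unreachable", None  # routing or name-resolution failure
    return state, (time.monotonic() - start) * 1000.0

def probe_vip(host, ports, count=3, timeout=2.0):
    """Probe each external port `count` times and summarise per port."""
    report = {}
    for port in ports:
        results = [tcp_ping(host, port, timeout) for _ in range(count)]
        rtts = [rtt for _, rtt in results if rtt is not None]
        report[port] = {
            "state": Counter(s for s, _ in results).most_common(1)[0][0],
            "answered": len(rtts),
            "sent": count,
            "avg_ms": sum(rtts) / len(rtts) if rtts else None,
        }
    return report

def is_alive(report):
    """Any reply (SYN/ACK or RST) shows a device answered for the address."""
    return any(entry["answered"] > 0 for entry in report.values())

if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder for the VIP's public IP (assumption);
    # 22 and 80 are the external ports from the question above.
    host = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    report = probe_vip(host, [22, 80])
    for port, entry in report.items():
        avg = "-" if entry["avg_ms"] is None else f"{entry['avg_ms']:.1f} ms"
        print(f"{host}:{port} {entry['state']:<11} "
              f"{entry['answered']}/{entry['sent']} answered, avg {avg}")
    sys.exit(0 if is_alive(report) else 1)
```

The exit status is 0 when any probe was answered, so the script can stand in for ping in a monitoring check.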
    MikePruett
    New Member
    September 11, 2014
    I can ping devices but only if I have my VIP saying external IP to internal IP...not specific port forwarding.
    TuncayBAS
    Explorer
    September 12, 2014
    Ping is protocol 1, TCP is 6 and UDP is 17; ping is not forwarded inside if port forwarding is enabled.
    Christopher_McMullan
    Staff
    September 16, 2014
    FortiOS v5.2.1 was released yesterday on our support site. Just FYI, one of the new features is that a VIP with port forwarding will now support ICMP (release notes p. 6 under 'Firewall').