Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssteo
Staff
Staff

Created on ‎08-31-2021 10:43 PM Edited on ‎07-27-2022 02:49 AM By Community Manager

Article Id 197556

Technical Tip: FortiGate source-ping using SD-WAN rules

Description


This article describes FortiGate source-ping using SD-WAN rules.

Solution


FortiGate has 2 WAN links which are PORT1 and PORT2.
One IPsec tunnel is tested.



 
 
There is One SD-WAN rule and no performance SLA.
 
 
 
 
There is one default route.
 
 

 
 
FortiGate LAN is PORT3 which is 10.225.1.220/22.
 
 
 
 
Use source IP 10.225.1.220 has been configured to ping 10.226.1.254 but fail. 10.226.1.254 is PC on IPsec LAN.
 
 

 
 

 
 
Ping from LAN PC and able to ping because it will use SD-WAN rules.
 
 
 
 
 
 
Found that in Fortigate CLI, to let the interface IP 10.225.1.220 to ping opposite 10.226.1.254, under 'ping-option', 'use-sdwan' needs to be configured as 'yes'.
 
Then FortiGate able ping to 10.226.1.254. So it is not relate to performance SLA just the ping option on FortiGate only.
 
 
6682
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.