Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
alif
Staff
Staff

Created on ‎05-28-2020 09:39 AM Edited on ‎05-27-2025 10:10 PM By Community Manager

Article Id 192109

Technical Tip: ICMP to FortiGuard Distribution Servers (FDS)

Description


This article discusses ICMP's response to FortiGuard Distribution Servers (FDS).

 

Scope

 

FortiGate.

 


Solution


ICMP packet loss has been observed on FortiGuard servers occasionally.

 

execute ping update.fortiguard.net
PING fds1.fortinet.com (96.45.33.86): 56 data bytes
64 bytes from 96.45.33.86: icmp_seq=0 ttl=56 time=158.2 ms
64 bytes from 96.45.33.86: icmp_seq=1 ttl=56 time=158.2 ms
64 bytes from 96.45.33.86: icmp_seq=2 ttl=56 time=158.2 ms
64 bytes from 96.45.33.86: icmp_seq=3 ttl=56 time=158.1 ms
64 bytes from 96.45.33.86: icmp_seq=4 ttl=56 time=158.2 ms

--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 158.1/158.1/158.2 ms 

 

exec ping guard.fortinet.net
PING guard.fortinet.net (173.243.138.91): 56 data bytes
64 bytes from 173.243.138.91: icmp_seq=0 ttl=47 time=87.0 ms
64 bytes from 173.243.138.91: icmp_seq=1 ttl=47 time=86.8 ms
64 bytes from 173.243.138.91: icmp_seq=2 ttl=47 time=86.5 ms
64 bytes from 173.243.138.91: icmp_seq=3 ttl=47 time=86.6 ms
64 bytes from 173.243.138.91: icmp_seq=4 ttl=47 time=86.5 ms

 

   execute ping securewf.fortiguard.net [ for HTTPS service ]
   PING securewf.fortiguard.net (173.243.138.96): 56 data bytes
   64 bytes from 173.243.138.96: icmp_seq=0 ttl=44 time=89.6 ms
   64 bytes from 173.243.138.96: icmp_seq=1 ttl=44 time=89.4 ms
   64 bytes from 173.243.138.96: icmp_seq=2 ttl=44 time=89.3 ms
   64 bytes from 173.243.138.96: icmp_seq=3 ttl=44 time=89.3 ms
   64 bytes from 173.243.138.96: icmp_seq=4 ttl=44 time=89.3 ms

 

      --- securewf.fortiguard.net ping statistics ---
      5 packets transmitted, 5 packets received, 0% packet loss
      round-trip min/avg/max = 89.3/89.3/89.6 ms

 

--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 86.5/86.6/87.0 ms

 

execute ping service.fortiguard.net
PING guard.fortinet.net (209.222.147.36): 56 data bytes
64 bytes from 209.222.147.36: icmp_seq=1 ttl=50 time=117.0 ms

--- guard.fortinet.net ping statistics ---
5 packets transmitted, 1 packets received, 80% packet loss
round-trip min/avg/max = 117.0/117.0/117.0 ms

 

The packet loss occurs due to the ICMP echo rate-limitation applied on the FortiGuard servers. Hence, packet loss to FortiGuard servers is expected.
ICMP echo requests and responses can be misleading as protocols are prioritized at various levels. This has no relation to updates from FortiGuard servers as updates happen on port 443.

Labels:
2235
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.