Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sprashant
Staff
Staff

Created on ‎05-05-2024 10:20 PM

Article Id 312318

Technical Tip: Pinging out to Internet from local interface

Description This article describes the behavior when trying to ping the internet from any of the local interfaces of the FortiGate.
Scope FortiGate.
Solution

Trying to test connectivity via the command 'exec ping-options source <IP>' and then, trying to ping the internet will not work (exec ping 8.8.8.8). 

 

Ping from an interfacePing from an interface

 

Only echo request going, no responseOnly echo request going, no response

 

By default, FortiGate can ping from only the interface on which the WAN connection is directly connected and none of the interfaces. The reason is that the traffic generated from any other interface will be direct and no security profiles will come into play, hence there will be no NATting triggered.

 

For example, trying to ping from a LAN port to the internet.

 

LAN port IP: 10.10.10.1

WAN port IP: X.X.X.X <-----On the firewall.

Flow: Ping initiated from 10.10.10.1<-----> ISP Gateway Router

 

Now, the ISP  router does not recognize the internal IP as it is expecting traffic from X.X.X.X only. Hence, a drop will happen.
219
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.