FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195439


This article describes how to ping remote network connected via IPsec VPN.


Assume the following scenario:
[] ---- (LAN) 81E-----ipsec vpn --------600C-------[]

IPsec VPN is configured in both FortiGate-81E and FortiGate-600C.
For FortiGate-81E, network is reachable via VPN and is directly connected network.

From FortiGate-81E , if the remote network IP is pinged from CLI directly, ping communication will fail.

FG81EP-2 # execute ping
PING ( 56 data bytes

--- ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

In order to the ping the remote IP connect via IPsec VPN, set the source IP for the ping and initiate the ping.

FG81EP-2 # exe ping-options source                                <----- Source FortiGate-81E’s local network connected interface IP.
FG81EP-2 # exe ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from icmp_seq=1 ttl=255 time=0.5 ms
64 bytes from icmp_seq=2 ttl=255 time=0.3 ms