irodriguez_FTNT
Article Id 190774

Description

 

This article describes the FortiGate ping options in IPv4 and IPv6 that can be used for various troubleshooting purposes. Two particularly useful options are repeat-count and source.

 

Scope

 

FortiGate.


Solution


From the CLI, type the following command to see all IPv4 ping options:

 

execute ping-options ?

execute ping-options adaptive-ping <enable|disable>

execute ping-options data-size <bytes>

execute ping-options df-bit {yes | no}

execute ping-options pattern <2-byte_hex>

execute ping-options interface <auto | interface_name>
execute ping-options interval <seconds>

execute ping-options repeat-count <repeats>

execute ping-options source {auto | <source-intf_ip>}

execute ping-options timeout <seconds>

execute ping-options tos <service_type>

execute ping-options ttl <hops>

execute ping-options validate-reply {yes | no}

execute ping-options view-settings

execute ping-options use-sdwan <yes | no>

execute ping-options reset

 


 

Keyword descriptions:

 
  • adaptive-ping <enable|disable>: FortiGate sends the next packet as soon as the last response is received.
  • data-size <bytes>: Specify the datagram size in bytes.
  • df-bit {yes | no}: Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.
  • pattern <2-byte_hex>: Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data-size option. This allows for sending out packets of different sizes to test the effect of packet size on the connection.
  • interval <seconds>: Specify the time, in seconds, between each ping.
  • interface <auto | interface_name>: Specify the outgoing interface. If no source IP address is specified, the primary IP address of the interface is selected.
  • repeat-count <repeats>: Specify how many times to repeat the ping attempt.
  • source {auto | <source-intf_ip>}: Specify the FortiGate interface from which to send the ping.

If auto is specified, the FortiGate selects the source address and interface based on the route to the <host-name_str> or <host_ip>.

Specify the IP address of a FortiGate interface to test connections to different network segments from that interface.

  • timeout <seconds>: Specify, in seconds, how long to wait until the ping times out.
  • tos <service_type>: Set the ToS (Type of Service) field in the packet header to provide an indication of the quality of service wanted.
      • lowdelay: Minimize the delay.
      • throughput: Maximize throughput.
      • reliability: Maximize reliability.
      • lowcost: Minimize cost.
  • ttl <hops>: Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.
  • validate-reply {yes | no}: Select 'yes' to validate reply data.
  • view-settings: Display the current ping-option settings.
  • use-sdwan <yes | no>: If set to 'yes', the ping will follow SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule that is based on a specific source address.
  • reset: Reset ping options to default values.
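
As an added example (not part of the original article), the following CLI sequence combines source, df-bit, data-size and repeat-count to check whether full-size packets reach a host unfragmented when sent from a chosen interface. The addresses 192.0.2.1 (assumed to be the IP of a FortiGate interface) and 198.51.100.10 (the target) are constructed placeholders, data-size is assumed to count ICMP data bytes only, and lines starting with # are annotations, not CLI input.

```text
# Send the ping from the IP address of a specific FortiGate interface (placeholder).
execute ping-options source 192.0.2.1

# Do not allow the ICMP packet to be fragmented along the path.
execute ping-options df-bit yes

# 1472 data bytes + 8-byte ICMP header + 20-byte IPv4 header = 1500 bytes on the wire.
execute ping-options data-size 1472

# Send five attempts.
execute ping-options repeat-count 5

# Confirm the options that will be applied before running the test.
execute ping-options view-settings

# Run the test against the target (placeholder address).
execute ping 198.51.100.10

# Return all ping options to their default values so later tests are not affected.
execute ping-options reset
```

If the ping fails at this size but succeeds after lowering data-size, a link on the path to the target has an MTU below 1500 bytes.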

Note: Ping can also be used for name resolution. To test name resolution, ping with the domain name as the destination. The following command output confirms the name resolution was successful:

       

exec ping google.com

PING google.com (142.250.179.78): 56 data bytes

 

 

When IPv6 is enabled in FortiGate feature visibility settings and an IPv6 address is assigned to an interface, IPv6 ping can be performed through the command below:

 

execute ping6 y:y:y:y:y:y:y:y

 

From the CLI, the ping options available for IPv6 are similar to those for IPv4:

 

execute ping6-options ?
execute ping6-options adaptive-ping <enable|disable>
execute ping6-options data-size <bytes>
execute ping6-options interface <auto | outgoing_interface>
execute ping6-options interval <seconds>
execute ping6-options pattern <2-byte_hex>
execute ping6-options repeat-count <repeats>
execute ping6-options reset
execute ping6-options source6 <auto | IPv6_source_interface>
execute ping6-options timeout <seconds>
execute ping6-options tos <IPv6_type-of-service_value>
execute ping6-options ttl <time-to-live>
execute ping6-options use-sdwan <yes | no>
execute ping6-options validate-reply <yes | no>
execute ping6-options view-settings

 

The use and meaning of each IPv6 option is similar to its IPv4 counterpart. Note that in IPv6, the source option is called source6, and the df-bit option is not available.