FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 190774



This article describes the FortiGate ping options that can be used for various troubleshooting purposes. Two particularly useful options are repeat-count and source.






From the CLI, type the following command to see all options:


execute ping-options ?

execute ping-options adaptive-ping <enable|disable>

execute ping-options data-size <bytes>

execute ping-options df-bit {yes | no}

execute ping-options pattern <2-byte_hex>

execute ping-options interface <auto | interface_name>
execute ping-options interval <seconds>

execute ping-options repeat-count <repeats>

execute ping-options source {auto | <source-intf_ip>}

execute ping-options timeout <seconds>

execute ping-options tos <service_type>

execute ping-options ttl <hops>

execute ping-options validate-reply {yes | no}

execute ping-options view-settings

execute ping-options use-sdwan <yes | no>

execute ping-options reset


Keyword Description Default

  • adaptive-ping <enable|disable>: FortiGate sends the next packet as soon as the last response is received.
  • data-size <bytes>: Specify the datagram size in bytes.
  • df-bit {yes | no}: Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.
  • pattern <2-byte_hex>: Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data_size parameter. This allows for sending out packets of different sizes to test the effect of packet size on the connection.
  • interval: time between each ping.
  • interface: Outgoing interface. If no source-ip address is specified, the primary IP address of the interface is selected.
  • repeat-count <repeats>: Specify how many times to repeat the ping attempt.
  • Source {auto | <source-intf_ip>}: Specify the FortiGate interface from which to send the ping.

If auto is specified, the FortiGate selects the source address and interface based on the route to the <host-name_str> or <host_ip>.

Specifying the IP address of a FortiGate interface is used to test connections to different network segments from the specified interface.

  • timeout <seconds>: Specify, in seconds, how long to wait until the ping times out.
  • tos <service_type>: Set the ToS (Type of Service) field in the packet header to provide an indication of the quality of service wanted.
  • lowdelay: Minimize the delay.
  • throughput: Maximize throughput.
  • reliability: Maximize reliability.
  • lowcost: Minimize cost.
  • ttl <hops>: Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.
  • validate-reply {yes | no}: Select 'yes' to validate reply data.
  • view-settings: Display the current ping-option settings.
  • use-sdwan <yes | no>: If set to 'yes', the ping will follow SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule that is based on a specific source address.
  • reset: Reset ping options to default values.

Note: Ping can also be used for name resolution. To test name resolution, ping with the domain name as the destination. The following command output confirms the name resolution was successful:


exec ping

PING ( 56 data bytes