Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
irodriguez_FTNT
Staff
Staff

Created on ‎05-06-2009 01:13 AM Edited on ‎05-04-2025 09:51 PM By Community Manager

Article Id 190774

Troubleshooting Tip: Using PING options from the FortiGate CLI

Description

 

This article describes the FortiGate ping options in IPv4 and IPv6 that can be used for various troubleshooting purposes. Two particularly useful options are repeat-count and source.

 

Scope

 

FortiGate.


Solution


From the CLI, type the following command to see all IPv4 ping options:

 

execute ping-options ?

execute ping-options adaptive-ping <enable|disable>

execute ping-options data-size <bytes>

execute ping-options df-bit {yes | no}

execute ping-options pattern <2-byte_hex>

execute ping-options interface <auto | interface_name>
execute ping-options interval <seconds>

execute ping-options repeat-count <repeats>

execute ping-options source {auto | <source-intf_ip>}

execute ping-options timeout <seconds>

execute ping-options tos <service_type>

execute ping-options ttl <hops>

execute ping-options validate-reply {yes | no}

execute ping-options view-settings

execute ping-options use-sdwan <yes | no>

execute ping-options reset

 

CLI example:

 

KB edit.PNG

 

Keyword Description Default:

 
  • adaptive-ping <enable|disable>: FortiGate sends the next packet as soon as the last response is received.
  • data-size <bytes>: Specify the datagram size in bytes.
  • df-bit {yes | no}: Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.
  • pattern <2-byte_hex>: Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data_size parameter. This allows for sending out packets of different sizes to test the effect of packet size on the connection.
  • interval: time between each ping.
  • interface {Auto | <outgoing interface>}: Egress interface used to transmit the ECHO request. If Auto, FortiGate selects based on destination IP route lookup.
  • repeat-count <repeats>: Specify how many times to repeat the ping attempt.
  • source {auto | <source IP>}: Specify the source IP address to send the ping. If auto is specified, the FortiGate selects a source address based on the interface chosen to send the traffic.
    S    pecifying source IP addresses in different network segments can be used to simulate connections originating from different subnets.
  • timeout <seconds>: Specify, in seconds, how long to wait until the ping times out.
  • tos <service_type>: Set the IP ToS (Type of Service) field in the packet header to indicate the quality of service wanted.
    • default: IP ToS field 0x00.
    • lowcost: minimize the cost, IP ToS field 0x02.
    • lowdelay: minimize the delay, IP ToS field 0x10.
    • throughput: maximize throughput, IP ToS field 0x08.
    • reliability: maximize reliability, IP ToS field 0x04.
  • ttl <hops>: Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.
  • validate-reply {yes | no}: Select 'yes' to validate reply data.
  • view-settings: Display the current ping-option settings.
  • use-sdwan <yes | no>: Default is 'no'. If set to 'yes', ping will check SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule based on a specific source address.
  • reset: Reset ping options to default values.

Note:

Ping can also be used to verify FortiGate's ability to resolve domain names. To test name resolution, ping with the domain name as the destination. If PING output shows an IP address, name resolution was successful:

       

execute ping google.com

PING google.com (142.250.179.78): 56 data bytes

 

When IPv6 is enabled in FortiGate feature visibility settings and an IPv6 address is assigned to an interface, IPv6 ping can be performed through the command below:

 

execute ping6 y:y:y:y:y:y:y:y

 

From CLI, the ping options available for IPv6 are similar to IPv4 and are the following:

 

execute ping6-options ?
execute ping6-options adaptive-ping <enable|disable>
execute ping6-options data-size <bytes>
execute ping6-options interface <auto | <outgoing_interface>
execute ping6-options interval <seconds>
execute ping6-options pattern <2-byte_hex>
execute ping6-options repeat-count <repeats>
execute ping6-options reset
execute ping6-options source6 <auto | IPv6_source_interface>
execute ping6-options timeout <seconds>
execute ping6-options tos <IPv6_type-of-service_value>
execute ping6-options ttl <time-to-live>
execute ping6-options use-sdwan <yes | no>
execute ping6-options validate-reply <yes | no>
execute ping6-options view-settings

 

The use and meaning of each IPv6 option are similar to its IPv4 counterpart. Note that in IPv6, option source is called source6, and option df-bit is not available.

657129
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.