Technical Tip: FortiProxy interface is not responding to an ICMP request

ychia · ‎03-05-2025

Description

This article describes why FortiProxy is not responding to ICMP request initiated from directly connected interfaces from local users in multi-vdom environment.

Trusthost is being added to admin settings in accordance with the same issue.

Debug output:

2025-03-05 15:19:05 id=20085 trace_id=18 func=print_pkt_detail line=112 msg="vd-Traffic at hook-fpx_setup_flow_pre_route received a packet(proto=1, 10.159.x.y:0->10.159.x.z:0) from port2. type=8, code=0, id=44557, seq=768."

2025-03-05 15:19:05 id=20085 trace_id=18 func=ip_route_input_slow line=2173 msg="start input route 10.159.x.y->10.159.x.z dev port2 vfid 1"

2025-03-05 15:19:05 id=20085 trace_id=18 func=__dump_flowi4 line=54 msg="ip_route_input_slow:2241 flowi4 saddr=10.159.x.y daddr=10.159.x.z sport=0 dport=0 iif=4 oif=0 proto=0 mark=0x0 flag=0x0 ready to route packet"

2025-03-05 15:19:05 id=20085 trace_id=18 func=ip_route_input_slow line=2251 msg="route found type=2 table_id=255 pol_route=0"

2025-03-05 15:19:05 id=20085 trace_id=18 func=ip_local_deliver line=253 msg="deliver skb to upper layer"

Scope

FortiProxy v7.4.

Solution

This is due to known issue#1070388: FortiProxy is not responding to an ICMP request from directly connected interfaces.

The issue is resolved in FortiProxy v7.4.7.

Technical Tip: FortiProxy interface is not responding to an ICMP request

You are leaving our website