Fortinet Forum
imei-ianv
New Contributor

FortiGate 100E Ping Response - Expected Result?

Hey all,

This could be a general question on FortiGate products, not sure yet.

I have a FortiGate 100E on 6.0.5. Configuring and testing a WAN port.

If I exec ping <gateway> I get an expected response.

But when I exec ping 1.1.1.1 or exec traceroute 1.1.1.1 (or any other IP beyond my gateway) the response I get is:

traceroute to 1.1.1.1 (1.1.1.1), 32 hops max, 3 probe packets per hop, 72 byte packets
 1  127.0.0.1 <localhost>  883.985 ms !H  2993.665 ms !H  2999.748 ms !H

I am troubleshooting a new WAN, so no connectivity beyond gateway is not what I need help with.

I just want to know, is it normal to receive a response from localhost?

Looking at the timing, ~ 3000ms, this would indicate a failure / timeout, but why respond with localhost instead of with just a simple Response timed out?

tthrilok
Staff

Hi Imei,

Thank you for the query!

I understand that when you ping the gateway you receive a response; however, when you ping or traceroute to 1.1.1.1, you see a response from 127.0.0.1.

Could you please confirm whether this is happening only for 1.1.1.1 or for anything on the internet?

Please share the output of the commands:
get router info routing-table details 1.1.1.1

get router info routing-table all

Thank you!

 

imei-ianv

Any IP beyond the gateway causes this behaviour.

I cannot get immediate access to the device, so am unable to run your commands.

However, I checked routing (including using get router info routing-table) and I didn't see anything abnormal. 0.0.0.0/0 was destined for the gateway IP.

jintrah_FTNT
Staff

Hi,

Check the routing; it appears there is an issue in the next-hop derivation (if you were using dynamic routing like BGP (I presume), check the next-hop, or maybe there is an entry in the route cache with an invalid gateway IP).

Best regards,

Jin

imei-ianv

No, static routing.

So, are we saying that 'exec ping 1.1.1.1' would return 127.0.0.1 (localhost) if the gateway is unreachable? And would never state 'destination unreachable' or 'response timed out'?

jintrah_FTNT

No, you would get destination unreachable or response timed out under other conditions. Your traceroute response showed !H, indicating no proper hop, so you should check whether the gateway IP of the route seen in the route table is valid. You can post the route table and the rtcache for better visibility. You may also try restarting the routing, flushing the route cache or restarting the device, if you have already determined the gateway in the route table is valid.

Best regards,

Jin
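An added example, not part of the thread and not Fortinet code: a small Python parser for traceroute output in the format quoted in the original post. It extracts per-probe round-trip times and the `!H`-style annotations (`!H` is traceroute's marker for an ICMP host-unreachable reply) and records whether the reporting address is a loopback address. The function names and the second sample are constructed for illustration.

```python
import ipaddress
import re

# Standard traceroute annotations for ICMP unreachable replies.
ANNOTATIONS = {"!H": "host unreachable", "!N": "network unreachable",
               "!P": "protocol unreachable"}
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# One probe is either "*" (no reply) or "<rtt> ms" with an optional "!X" flag.
PROBE_RE = re.compile(r"(\*)|(\d+(?:\.\d+)?)\s*ms(?:\s+(![A-Z]))?")

# Output quoted in the original post.
THREAD_OUTPUT = """\
traceroute to 1.1.1.1 (1.1.1.1), 32 hops max, 3 probe packets per hop, 72 byte packets
 1  127.0.0.1 <localhost>  883.985 ms !H  2993.665 ms !H  2999.748 ms !H
"""
# Constructed sample (documentation addresses): a replying hop, then a silent hop.
CONSTRUCTED_OUTPUT = """\
traceroute to 198.51.100.9 (198.51.100.9), 32 hops max, 3 probe packets per hop, 72 byte packets
 1  192.0.2.1  1.204 ms  0.981 ms  1.010 ms
 2  * * *
"""

def parse_hop(line):
    """Return hop number, first reporting address and probes, or None."""
    m = HOP_RE.match(line)
    if not m:
        return None  # header or blank line
    rest = m.group(2)
    addr = ADDR_RE.search(rest)
    probes = [{"rtt_ms": None if star else float(rtt), "flag": flag or None}
              for star, rtt, flag in PROBE_RE.findall(rest)]
    return {"hop": int(m.group(1)), "addr": addr.group(0) if addr else None,
            "probes": probes}

def unreachable_findings(output):
    """List every hop that carries an ICMP-unreachable annotation."""
    findings = []
    for hop in filter(None, map(parse_hop, output.splitlines())):
        for flag in sorted({p["flag"] for p in hop["probes"] if p["flag"]}):
            addr = hop["addr"]
            findings.append({
                "hop": hop["hop"], "reporter": addr,
                "error": ANNOTATIONS.get(flag, flag),
                "reporter_is_loopback": bool(addr) and ipaddress.ip_address(addr).is_loopback,
            })
    return findings

if __name__ == "__main__":
    for sample in (THREAD_OUTPUT, CONSTRUCTED_OUTPUT):
        print(unreachable_findings(sample))
```

A silent hop (`* * *`) produces no finding, which separates a plain timeout from the explicit host-unreachable reply seen in the thread.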

Toshi_Esumi
Esteemed Contributor II

The first hop with 127.0.0.1 is your gateway device, not your FGT itself. If you sniff packets on the interface connected to the gateway, you would see what the gateway is returning.

Toshi