Hi all,
Not sure if this is a Fortigate issue but i've got a site connected to our main HQ with an IPSEC vpn between the two (60E V 7.0.3) and all is working fine however i've gone to ping some devices over there and found that i can ping some and not others. They are all on the same subnet and if i connected onto a machine within that subnet i can ping them all so i know that ping is enabled on the devices and i know that the gateway is set as they can get to the HQ side of the VPN fine.
I've ran a packet capture on the devices that i can't ping and the ping is showing as getting to the devices but nothing returns back ? There is only a single 48 port HP switch in between the devices and the router and all devices are in the same switch so i'm not sure why i can ping some and not the others ? Is there anything anyone can think of ?
Thanks
Ian
Do you ever get this figured out? I started having the exact issue on one b2b tunnel. I have six other identical tunnels going to six clinics that all connect to our main office. All the configurations are basically identical and all are on the same software level. After applying the latest 7.2.3 patch one tunnel started exhibiting the exact behavior you described. It seems like I can ping things like printers or other headless devices, but I can't ping computers or servers on the same subnet. I can consistently get to one desktop, but no others. It is strangest thing I've ever seen.
I have got the same problem.. I can't ping one server on remote subnet. It is not seen on nmap too, but other computers is okay. Also I can ping gateway of subnet. After I reset tunnel on both sites, server is available to ping. But after few minutes it stops working again.
Hi ianoakwell....i did but it was nothing to do with the routers, i managed to determine that it was only with "some" of the HP thin clients there and there was a problem with the firewall settings but there was also another device on there (a printer) that just wouldn't respond so it gave me a bit of a misleading source as i thought it was random devices but turned out it was just the thin clients and the printer was a seperate issue in itself. Not sure that will help you though, sorry
Hi,
Adding further to the answer, Please also make sure you disable all sort of Anitvirus installed on workstation.
Thank you
Hello, you can do packet sniffer on both sides to verify traffic is going out through correct interface and remote site is receiving it
Using the FortiOS built-in packet sniffer for capturing packets: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.