Could ping in Bridge SSID mode but could not ping with SSID Tunnel mode

QPham · ‎11-20-2019

Hello Fortinet Forum,

In my working environment, I implemented both Bridge mode and Tunnel mode SSIDs. Devices in the same Bridge mode SSID can ping each other.

However, devices in the same tunnel mode SSID could not ping each other eventhough they can ping the Internet. I have also tried to disable "Block Intra-SSID traffic" and remove "ARPs for known clients" out of "Broadcast Suppression" list but the result remains the same. Could I have some advice how make the devices with the same tunnel mode SSID (same network) can ping each other?

I use Fortigate 200E.

Many thanks.

Toshi_Esumi · ‎11-20-2019

I could successfully toggle ping behavior between pingable and not pingable by flipping "Block Intra-SSID traffic" setting (ClI: set intra-vap-privacy disable/enable) on a tunnel mode SSID with v6.0.6.

Are you sure the device you're trying to ping doesn't have any FW blocking your ping from another device on the same SSID?

QPham · ‎11-20-2019

Hi Toshi,

I am using version 5.6.9.

The devices are not blocking ping because I could ping between these devices when I join Bridge mode. The problem is just with tunnel mode. I have done the same which is tuggle "Block Intra-SSID traffic" as I have said but it did not help.

Thank you.

Toshi_Esumi · ‎11-20-2019

I would either try upgrading it to 5.6.11 and if still doesn't work, open a ticket. Or open a ticket first with 5.6.9. Although I didn't see this issue in 5.6.10 and 5.6.11 release notes.

QPham · ‎11-20-2019

Thank you Toshi.

Could ping in Bridge SSID mode but could not ping with SSID Tunnel mode

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website