
DMZ using loopback.

Hi folks.



I am creating a new DMZ using a loopback address on FortiGate 6.14.3.

I have created a couple of VMs that use the IP range of the new DMZ. 

From the firewall I can ping the VMs no problem; however, from the VMs I cannot ping the loopback interface, which would be their default gateway. Not sure what is going on here. Yes, ping is enabled on the FG interface.


edit "DMZ2"
set vdom "root"
set ip
set allowaccess ping
set type loopback
set alias "DMZ2"
set role dmz
set snmp-index 62


I have allowed a policy, so I should be able to ping from other networks connected to the FortiGate physically, but no response.

From the FortiGate.

FW1 $ exec ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=255 time=0.0 ms
64 bytes from icmp_seq=1 ttl=255 time=0.0 ms
64 bytes from icmp_seq=2 ttl=255 time=0.0 ms
64 bytes from icmp_seq=3 ttl=255 time=0.0 ms
64 bytes from icmp_seq=4 ttl=255 time=0.0 ms

--- ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms


VM networks set up fine.

However, no ARP entry for the address.

Any ideas!!







Perhaps I am missing something because what I'm about to write seems somewhat trivial, but regardless...

If the layer two extends up to the FortiGate, then it can simply be the gateway within that DMZ subnet.

If the traffic is routed, you would have to instruct the gateway of the DMZ subnet to route all the DMZ traffic through the FortiGate, and then route/policy it further on the FortiGate as desired.

[ corrections always welcome ]

I think it's a problem within my VMware.

Yes, I wanted to use it as a simple gateway.

Thanks for your assistance.


