Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
karamjeetmultani
New Contributor

Created on ‎06-16-2024 05:27 AM

Empty ARP table - layer 2 issue

FortiFirewall-VM64-KVM # get system arp
Address Age(min) Hardware Addr Interface

 

 

FortiFirewall-VM64-KVM # diagnose sniffer packet any 'arp' 4
Using Original Sniffing Mode
interfaces=[any]
filters=[arp]
0.870537 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
1.910426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
4.818708 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
5.830426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33

 


FortiFirewall-VM64-KVM # di packet sniffer port1 'none' 4 0 l

command parse error before 'packet'
Command fail. Return code -61

 

I see fortilink ip-address different from my network which is from class-c, but I see fortilink has class-c ip addresss  as seen below

 

config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.33 255.255.255.0
set allowaccess ping https http
set type physical
set snmp-index 1
next

edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 14
next
end

316
0 Kudos
5 REPLIES 5
lgupta
Staff
Staff

Created on ‎06-16-2024 05:50 AM

Hello karamjeetmultani,

Thank you for reaching out.
Firstly, I do not see any physical interface as a member of "fortilink" interface.

And what is connected to port1 ?

 

Also, if you want to connect a FortiSwitch on physical interface port1, please remove all the references and ip address on port1. Then you should be able to add port1 as a member of fortilink interface.


Thank you!

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
303
0 Kudos
karamjeetmultani
New Contributor

Created on ‎06-16-2024 06:03 AM Edited on ‎06-16-2024 06:04 AM

Thanks for the quick response.

 

Our team trying to understand FortiGate and will be implementing the same very soon. 
We are trying to understand the connectivity and configuration of FortiGate, so we have setup this GNS3 Emulator to understand the network. 

 

Here's the configuration details:

FortiGate IP address: 192.168.0.33/24

GNS3 VM IP address: 192.168.0.52/24

Windows IP address: 192.168.0.125/24

Default Gateway: 192.168.0.1/24

 

C:\Users\<username>ping 192.168.0.33

Pinging 192.168.0.33 with 32 bytes of data:
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.

Ping statistics for 192.168.0.33:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

Warning: Got ICMP 3 (Destination Unreachable)

FortiGate-7.4.4 (IP address: 192.168.0.33\24) running in GNS3 (2.2.47 version).

GNS3 VM (2.2.47 version with IP address: 192.168.0.52\24) running on Oracle VM Virtual Machine.

Windows 11 with IP-address: 192.168.0.125 with Default Gateway: 192.168.0.1

 

Able to ping GNS3 VM IP-address.

Unable to ping FortiGate below is the config details

config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.33 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set snmp-index 1
next

end

 

Screenshot 2024-06-15 004637.png

300
0 Kudos
ebilcari
Staff
Staff
In response to karamjeetmultani

Created on ‎06-16-2024 07:33 AM

I don't think that it's possible to emulate a FSW and a Fortilink connection in GNS3.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
262
0 Kudos
karamjeetmultani
New Contributor

Created on ‎06-16-2024 05:55 PM

@ebilcari @lgupta 

 

We followed many tutorial available on Youtube, sharing below one from the list for you reference

https://www.youtube.com/watch?v=DGak8YeSjL0&t=314s

 

We observe that the same steps were used in almost all videos and we did the same. But we are unable to ping the other device and through investigation we found arp table is not updating local networks devices.

181
0 Kudos
ebilcari
Staff
Staff
In response to karamjeetmultani

Created on ‎06-17-2024 12:02 AM

It may be an emulator issue (GNS3) while bridging to an external interface. Try connecting another virtual host from within GNS3 to the FGT (or a VPC) to verify the communication.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
146
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.