Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Cleyton_Agenil_da_Si
New Contributor

Created on ‎01-13-2021 12:48 PM

FortiGate 50E do not respond external ICMP ping

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Olá[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Tenho vários FG 50E que se conectam ao FG 80E via VPN Site to Site IPSec.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Fiz uma alteração no tráfego da Internet do gateway padrão FG 50E fora do túnel.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Exemplo:[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Rota estática[/style][/style]

 

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Destination IP Gateway Interface Distination Priority[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]0.0.0.0 187.12.144.78 WAN1 1 0[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]189.21.32.16/32 187.12.144.78 Túnel 10 0 <- Gateway padrão[/style][/style]

 

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Dessa forma, todo o tráfego de Internet gerado pelas estações atrás de cada FG50E passa pelo túnel.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]No entanto, após realizar esta modificação em todos os FG50E, eles não respondem aos[/style][/style]

 

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Branch-1 # execute ping 8.8.8.8 [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]PING 8.8.8.8 (8.8.8.8): 56 bytes de dados[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]--- 8.8.8.8 estatísticas de ping --- [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]5 pacotes transmitidos, 0 pacotes recebidos, 100% de perda de pacotes[/style][/style]

 

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Branch-1 # diagnose sniffer package any "host 8.8.8.8 and icmp" 4 [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]interfaces = [any] [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]filters = [host 8.8.8.8 and icmp] [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]27.586885 Branch-1-HQ out 187.12.144.79 -> 8.8.8.8: icmp: solicitação de eco [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]28.596252 Branch-1-HQ de saída 187.12.144.79 -> 8.8.8.8: icmp: solicitação de eco [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]29.606373 Branch-1-HQ de saída 187.12.144.79 -> 8.8.8.8: icmp: solicitação de eco [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]30.616222 Branch-1-HQ de saída 187.12 .144,79 -> 8.8.8.8: icmp: solicitação de eco [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]31.626259 Branch-1-HQ saída 187.12.144.79 -> 8.8.8.8: icmp: solicitação de eco[/style][/style]

 

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Como faço para que o FG50E responda ao ping ICMP exerno mesmo se o gateway padrão for um túnel VPN?[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Agradeço a ajuda.[/style][/style]

1326
0 Kudos
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.