Fortigate Interface Gateway Unable to Ping

cetia · ‎02-24-2021

Hello,

I created a new interface in Firewall. Although ICMP is allowaccess at Interface; clients cannot ping the gateway address.

When I create debug in Firewall; I see it was dropped because it didn't match the rule. Normally there is no need to have a rule for the client to ping the gateway address. Where could the problem be?

id=20085 trace_id=1155 func=print_pkt_detail line=4915 msg="vd-LOCAL received a packet(proto=1, 10.100.17.11:19760->10.100.17.1:2048) from Server-MNG. type=8, code=0, id=19760, seq=486." id=20085 trace_id=1155 func=init_ip_session_common line=5062 msg="allocate a new session-0f73a6b8" id=20085 trace_id=1155 func=fw_local_in_handler line=392 msg="iprope_in_check() check failed on policy 0, drop"

marchand · ‎02-24-2021

Check if it is not the case 2

https://kb.fortinet.com/k....do?externalId=FD31702

View solution in original post

emnoc · ‎02-24-2021

Is "10.100.17.1" the FortiGate address? I can't see your picture fwiw

Ken Felix

PCNSE

NSE

StrongSwan

cetia · ‎02-24-2021

Yes, 10.100.17.1 is Fortigate interface ip

edit "Server-MNG" set vdom "LOCAL". set ip 10.100.17.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 168 end set interface "port10" set vlanid 117

Thank you,

marchand · ‎02-24-2021

Check if it is not the case 2

https://kb.fortinet.com/k....do?externalId=FD31702

cetia · ‎02-24-2021

Hi marchand,

The second case in the link you posted solved my problem. Thanks a lot.

config system admin edit "admin" set remote-auth enable set trusthost3 10.100.17.0 255.255.255.0 set accprofile "super_admin" set vdom "LOCAL" next end

Fortigate Interface Gateway Unable to Ping

Nominate a Forum Post for Knowledge Article Creation