fortinet-davidy
New Contributor

Fortigate cannot ping outside

Hi, please see the diagram below. Fortigate-port3, PC-eth0 and router-Gi0/0 (default gateway 192.168.1.1 for fortigate1 and PC to access internet) are in the same VLAN. 8.8.8.8 is located at Cloud Net. Now both Fortigate1 and PC can ping gateway 192.168.1.1, but Fortigate1 cannot ping 8.8.8.8 while PC can ping 8.8.8.8. The Fortigate config is also listed below. Did I miss some step? Thanks

 

 

fortinetdavidy_0-1676176202436.png

 

FortiGate-VM64-KVM # show system interface

edit "port3"
set vdom "root"
set ip 192.168.1.221 255.255.255.0
set allowaccess ping https ssh http
set type physical
set snmp-index 3
next

FortiGate-VM64-KVM # sh router policy
config router policy
edit 1
set input-device "port1"
set dst "0.0.0.0/0.0.0.0"
set gateway 192.168.1.1
set output-device "port3"
next
end

1 Solution
tthrilok
Staff

Hi Davidy,

 

Thank you for the query!

 

As per the firewall configuration you shared, you have configured a policy route on the firewall, which is for transit traffic. A ping that you initiate from the firewall is self-generated traffic; in order for self-generated traffic to route properly on the firewall, we would need a route in the routing table, which can be static or dynamic.

 

Could you try the below commands and test:
config router static
edit 1
set gateway 192.168.1.1
set device "port3"
next
end

The above commands add a static default route on the firewall.
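
The condition described in this answer can be checked offline against pasted config text. The following Python check is an added example, not part of the original thread or any Fortinet tooling; the names `parse_blocks`, `audit`, `POLICY_ONLY` and `STATIC_FIX` are hypothetical, and it assumes a static route with no `dst` is the default route. It reads static configuration only, so dynamic routes are out of scope.

```python
# Added example (not from the thread): flag a FortiGate config whose only
# default path is a policy route, so self-generated traffic has no route.
DEFAULT_DSTS = {"0.0.0.0 0.0.0.0", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}

# Constructed samples, built from the commands posted in the thread.
POLICY_ONLY = '''config router policy
edit 1
set input-device "port1"
set dst "0.0.0.0/0.0.0.0"
set gateway 192.168.1.1
set output-device "port3"
next
end
'''
STATIC_FIX = '''config router static
edit 1
set gateway 192.168.1.1
set device "port3"
next
end
'''

def parse_blocks(text):
    """Parse 'config/edit/set/next/end' text into {section: [entry_dict, ...]}."""
    blocks, section, entry = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            section = line[len("config "):]
            blocks.setdefault(section, [])
        elif line.startswith("edit ") and section is not None:
            entry = {}
        elif line.startswith("set ") and entry is not None:
            _, key, *rest = line.split(None, 2)
            entry[key] = rest[0].strip('"') if rest else ""
        elif line in ("next", "end"):
            if entry is not None:          # tolerate a paste that omits 'next'
                blocks[section].append(entry)
                entry = None
            if line == "end":
                section = None
    return blocks

def audit(text):
    """Return a one-line verdict on routing for firewall-originated traffic."""
    blocks = parse_blocks(text)
    # Assumption: an omitted 'dst' on a static route means the default route.
    defaults = [e for e in blocks.get("router static", [])
                if e.get("dst", "0.0.0.0 0.0.0.0") in DEFAULT_DSTS
                and "gateway" in e and "device" in e]
    if defaults:
        return "ok: default route via {gateway} on {device}".format(**defaults[0])
    if any("input-device" in e for e in blocks.get("router policy", [])):
        return "warn: policy route only; self-generated traffic has no route"
    return "warn: no default route"
```
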


fortinet-davidy
New Contributor

Right, thank you very much!
