Fortigate ping is not responding if subnet is directly connected

Umesh · ‎05-12-2025

Dear All,

This question is little bit strange but I want to know for My KB. If you see the digram there are three interfaces Port1, Port2 and port3 which are in deffirent subnets. I am able to ping from PC1&2 to my gateway 192.168.1.1 which is absolutely is same subnet but not able to ping 1.1.1.2 and 2.2.2.2 from PC1 and PC2. Why ??

I have configured same thing on Cisco router with three subnet with same subnet, I was able to ping because these are the subnet which directly connected If see the routing table using #show ip route.

I though same thing should be in Fortigate Firewall but it did not work for me.

Can anyone tell me why I am not able to ping from PC1&PC2 (192.168.1.0/24) to 1.1.1.2&2.2.2.2.

These subnets are also directly connected to Fortigate Firewall.

Thank you for your reply in advance.

sjoshi · ‎05-12-2025

Hi,

In fortinet if you want to communicate among the different interface then you need to setup firewall policy.

Please create firewall policy from port3 to port1 and port2 and vice versa and allowed the required subnet.

Refer:-

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/656084/firewall-policy#:~:te....

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi

dingjerry_FTNT · ‎05-12-2025

Hi @Umesh ,

1) Since all 3 subnets are connected ones on FGT, so I assume that there is no issue with routing.

You can check the routing table on FGT using this CLI command:

get router info routing-table all

2) You need firewall policies from port3 to port1 and/or port2 for Ping;

3) You need to enable Ping administrative access on port1 and port2 as well.

I guess you are missing #2 and/or #3.

Regards,

Jerry

Fortigate ping is not responding if subnet is directly connected

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website