Dears
I have an ESXi host connected to a Cisco switch whose default gateway is on a FortiGate firewall, and the policy I have on the FortiGate is permit ip any any. The ESXi host is pingable from other subnets except one subnet, 172.20.3.X. Below are the traces collected from the FortiGate. From my diagnosis I can see that the server is not responding to the ping packets; please confirm this to me.
2017-04-13 16:35:32 id=20085 trace_id=5 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 172.20.3.90:103->172.20.29.134:8) from P2P-TO-ASA. code=8, type=0, id=103, seq=0."
2017-04-13 16:35:32 id=20085 trace_id=5 func=init_ip_session_common line=4569 msg="allocate a new session-07626d34"
2017-04-13 16:35:32 id=20085 trace_id=5 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-172.20.29.134 via CARD-UAT"
2017-04-13 16:35:32 id=20085 trace_id=5 func=fw_forward_handler line=671 msg="Allowed by Policy-21:"
2017-04-13 16:35:34 id=20085 trace_id=6 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 172.20.3.90:103->172.20.29.134:8) from P2P-TO-ASA. code=8, type=0, id=103, seq=1."
2017-04-13 16:35:34 id=20085 trace_id=6 func=resolve_ip_tuple_fast line=4479 msg="Find an existing session, id-07626d34, original direction"
Thanks
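As an added example (not part of the post, and not a Fortinet tool), here is a small Python parser for the debug-flow output quoted above. It groups messages by trace_id, tracks each session's original- and reply-direction packets, and reports sessions where the FortiGate forwarded echo requests but never saw a packet coming back. The sample input is the thread's own six messages, placed one per line; the field names and the verdict wording are my own.

```python
import re

# Sample input: the six debug-flow messages quoted in the post, one per line
# (the original paste ran them together on a single line).
TRACE = """\
2017-04-13 16:35:32 id=20085 trace_id=5 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 172.20.3.90:103->172.20.29.134:8) from P2P-TO-ASA. code=8, type=0, id=103, seq=0."
2017-04-13 16:35:32 id=20085 trace_id=5 func=init_ip_session_common line=4569 msg="allocate a new session-07626d34"
2017-04-13 16:35:32 id=20085 trace_id=5 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-172.20.29.134 via CARD-UAT"
2017-04-13 16:35:32 id=20085 trace_id=5 func=fw_forward_handler line=671 msg="Allowed by Policy-21:"
2017-04-13 16:35:34 id=20085 trace_id=6 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 172.20.3.90:103->172.20.29.134:8) from P2P-TO-ASA. code=8, type=0, id=103, seq=1."
2017-04-13 16:35:34 id=20085 trace_id=6 func=resolve_ip_tuple_fast line=4479 msg="Find an existing session, id-07626d34, original direction"
"""

# Patterns are written against the message strings visible in the post only.
HDR_RE = re.compile(r'trace_id=(?P<tid>\d+) func=(?P<func>\S+) line=\d+ msg="(?P<msg>.*)"\s*$')
PKT_RE = re.compile(r'received a packet\(proto=(?P<proto>\d+), (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\) from (?P<iface>\S+)\.')
NEW_RE = re.compile(r'allocate a new session-(?P<sid>[0-9a-f]+)')
EXIST_RE = re.compile(r'Find an existing session, id-(?P<sid>[0-9a-f]+), (?P<dir>original|reply) direction')
ROUTE_RE = re.compile(r'find a route: .* via (?P<iface>\S+)')
POLICY_RE = re.compile(r'Allowed by Policy-(?P<pol>\d+)')


def parse_trace(text):
    """Group debug-flow lines by trace_id; each group is one packet's walk through the firewall."""
    packets = {}
    for line in text.splitlines():
        m = HDR_RE.search(line)
        if not m:
            continue
        tid, msg = int(m["tid"]), m["msg"]
        pkt = packets.setdefault(tid, {"trace_id": tid, "direction": None, "session": None,
                                       "out_iface": None, "policy": None})
        if (p := PKT_RE.search(msg)):
            pkt.update(proto=int(p["proto"]), src=p["src"], dst=p["dst"], in_iface=p["iface"])
        elif (s := NEW_RE.search(msg)):
            pkt.update(session=s["sid"], direction="original")  # first packet of a new flow
        elif (s := EXIST_RE.search(msg)):
            pkt.update(session=s["sid"], direction=s["dir"])
        elif (r := ROUTE_RE.search(msg)):
            pkt["out_iface"] = r["iface"]
        elif (a := POLICY_RE.search(msg)):
            pkt["policy"] = int(a["pol"])
    return [packets[k] for k in sorted(packets)]


def diagnose(packets):
    """Per session: count packets per direction and flag flows with no reply seen."""
    sessions = {}
    for pkt in packets:
        sid = pkt["session"]
        if sid is None or "src" not in pkt:
            continue  # incomplete trace group; nothing to attribute
        s = sessions.setdefault(sid, {"original": 0, "reply": 0, "src": pkt["src"], "dst": pkt["dst"],
                                      "in_iface": pkt.get("in_iface"), "out_iface": pkt.get("out_iface"),
                                      "policy": pkt.get("policy")})
        s[pkt["direction"]] += 1
        # Route lookup and policy match are logged for the first packet only;
        # later packets hit the session table, so keep the first values seen.
        s["out_iface"] = s["out_iface"] or pkt.get("out_iface")
        s["policy"] = s["policy"] or pkt.get("policy")
    for s in sessions.values():
        if s["reply"] == 0 and s["original"] > 0:
            s["verdict"] = (f"forwarded {s['original']} packet(s) {s['src']}->{s['dst']} "
                            f"{s['in_iface']}->{s['out_iface']} by policy {s['policy']}; "
                            f"no reply from {s['dst']} reached the firewall")
        else:
            s["verdict"] = "replies seen; firewall forwarding both directions"
    return sessions


if __name__ == "__main__":
    for sid, s in diagnose(parse_trace(TRACE)).items():
        print(sid, s["verdict"])
```

Run against the post's trace it reports one session, 07626d34, with two original-direction packets and zero reply-direction packets, forwarded from P2P-TO-ASA to CARD-UAT by policy 21. Note what that does and does not prove: an original-only trace is consistent both with the host not answering and with the reply returning along a path that never crosses this FortiGate (asymmetric routing, or a reply that the debug-flow filter was not set to capture). The trace alone cannot tell those apart; a capture on the CARD-UAT side or on the host is needed to settle it.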
Do you have a route back?
Fortigate <3
Yes, I have a default route pointing towards the core switch, which has all the networks. The strange thing is that I am able to ping the other IPs in the same subnet.
Thanks