I cannot ping Google from my private interface, but I can ping Google with my public interface. I used the Terraform code that Fortinet offers for deploying it on GCP: https://github.com/fortinet/fortigate-terraform-deploy/tree/main/gcp/7.0/ha
This is the representation of the network I’m trying to get:
My firewall rules for the private VPC:
My gateway:
My NAT:
My network policy GCP connector:
I use a Debian 9 for my private network:
Log I get during tests:
I can' ping my debian with my fortinet :
If you have any idea what it can be, I am interested.
Hello robinsonb,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Anthony and thank you for the support. If you need more information let me know.
Regards,
Dear robinsonb,
Thank you for posting to the Fortinet Community Forum.
As per your description you are not able to ping 8.8.8.8 from your private NW but from FGT it is working fine.
NW Topology:-
172.16.1.7--FGT--ISP--8.8.8.8
Please run the following cmd:-
diag sniff packet any 'host 8.8.8.8 and icmp' 4
diag sys arp | grep 172.16.1.7
get router info routing-table all
Please share the output with me.
Thanks
Hello Salon Raj Joshi, thank you for your help.
Not exactly, I happen to ping Google only from my WAN interface. If I am on my LAN interface, I don’t ping.
Here are the screenshots you asked for. If you want further information, I am at your disposal. Thank you again for your help.
Dear robinsonb,
As per the output I could see that there is no ARP for the source PC connected on port 2. Check whether you can ping the GW (port2 IP) from the PC.
Take a policy lookup to check whether the policy which you have configured is matching.
Please find the link for your reference:-
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/184224/policy-and-route-lookup#:~....
Thanks
Hello Salon Raj Joshi,
Thank you for your answer. I set up a policy route rule, but it didn’t change anything.
I performed: diag sniff packet any 'host 8.8.8.8 and icmp' 4
and I have no answer back.
I don’t know why my firewall can’t ping Google via the private interface.