robinsonb
New Contributor

GCP Fortigate I can’t ping 8.8.8.8 on my private network

I cannot ping Google from my private interface, but I can ping Google with my public interface. I used the Terraform code that Fortinet offers for deploying it on GCP: https://github.com/fortinet/fortigate-terraform-deploy/tree/main/gcp/7.0/ha

This is the representation of the network I’m trying to get:

[image: xoIVh.png]

My firewall rules for the private VPC:

[image: EaRoB.png]

My gateway:

[image: KfM5g.png]

My NAT:

[image: Zedfe.png]

My network policy GCP connector:

[image: lCwcX.png]

I use a Debian 9 for my private network:

[image: oVOlK.png]

Logs I get during tests:

[image: AdGpb.png] [image: fzWJo.png] [image: SpDZ0.png]

I can' ping my debian with my fortinet :

[image: Capture.JPG]

If you have any idea what it can be, I am interested.

Anthony_E
Community Manager

Hello robinsonb,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
robinsonb

Hello Anthony and thank you for the support. If you need more information let me know.

 

Regards,

sjoshi
Staff

Dear robinsonb,

 

Thank you for posting to the Fortinet Community Forum.

 

As per your description, you are not able to ping 8.8.8.8 from your private NW, but from the FGT it is working fine.

 

NW Topology:-
172.16.1.7--FGT--ISP--8.8.8.8

 

Please run the following cmd:-
diag sniff packet any 'host 8.8.8.8 and icmp' 4
diag sys arp | grep 172.16.1.7
get router info routing-table all

 

Please share the output with me.

 

Thanks

Salon Raj Joshi
robinsonb

Hello Salon Raj Joshi, thank you for your help.

Not exactly, I manage to ping Google only from my WAN interface. If I am on my LAN interface, I can’t ping.

[image: t.png]

[image: q.png]

[image: d.JPG.png]

[image: y.png]

[image: u.png]

Here are the screenshots you asked for. If you want further information, I am at your disposal. Thank you again for your help.

 

sjoshi

Dear robinsonb,

 

As per the output, I could see that there is no ARP entry for the source PC connected on port 2. Check whether you can ping the GW (port2 IP) from the PC.
Do a policy lookup to check whether the policy which you have configured is matching.
Please find the link for your reference:-
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/184224/policy-and-route-lookup#:~....

 

Thanks

Salon Raj Joshi
robinsonb

Hello Salon Raj Joshi,

 

Thank you for your answer. I set up a policy route rule but it didn’t change anything.

[image: kkk.JPG]

I performed: diag sniff packet any 'host 8.8.8.8 and icmp' 4

and I have no answer back.

[image: mlsms.JPG] [image: qqq.JPG]

I don’t know why my firewall can’t ping Google via the private interface.
