Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
robinsonb
New Contributor

GCP Fortigate I can’t ping 8.8.8.8 on my private network

I can not ping google from my private interface but in can ping google with my public interface. I used the terraform code that offers fortinet for the deployment of it on gcp: https://github.com/fortinet/fortigate-terraform-deploy/tree/main/gcp/7.0/ha

 

this is the representation of the network I’m trying to get :

xoIVh.png

 

My firewall rules for the private vpc :

EaRoB.png

My gateway :

 

KfM5g.png

 

 

My Nat :

 

Zedfe.png

 

 

My network policy gcp connector :

 

lCwcX.png

 

 

I use a debian 9 for my private network :

 

oVOlK.png

 

log I get during tests :

 

AdGpb.pngfzWJo.pngSpDZ0.png

 I can' ping my debian with my fortinet :

Capture.JPG

 

If you have any idea what it can be. I am interested.

6 REPLIES 6
Anthony_E
Community Manager
Community Manager

Hello robinsonb,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
robinsonb

Hello Anthony and thank you for the support. If you need more information let me know.

 

Regards,

sjoshi
Staff
Staff

Dear robinsonb,

 

Thank you for posting to the Fortinet Community Forum.

 

As per your description you are not  able to ping 8.8.8.8 from your private NW but from FGT it is working fine.

 

NW Topology:-
172.16.1.7--FGT--ISP--8.8.8.8

 

Please run the following cmd:-
diag sniff packet any 'host 8.8.8.8 and icmp' 4
diag sys arp | grep 172.16.1.7
get router info routing-table all

 

Please share me the output

 

Thanks

Salon Raj Joshi
robinsonb

Hello Salon Raj Joshi, thank you for your help.

Not exactly, I happen to ping google only from my Wan interface. If I on my Lan interface, I don’t ping.

t.png

 

q.png

d.JPG.png

y.png

 

u.png

 

Here are the screenshot you asked for. If you want further information I am at your disposal. Thank you again for your help

 

sjoshi

Dear robinsonb,

 

As per the output I could see that there is no arp for the source PC connected on port 2Check whether you can ping teh GW(port2 IP) from the PC.
Take a policy lookup whether the policy which you have configured is matching
Please find the link for your reference:-
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/184224/policy-and-route-lookup#:~....

 

Thanks

Salon Raj Joshi
robinsonb

Hello Salon Raj Joshi,

 

Thank you for your answer I set up a policy route rule but it didn’t change anything.

kkk.JPG
I performed: diag sniff packet any 'host 8.8.8.8 and icmp' 4

 

and I have no answer back. 

mlsms.JPGqqq.JPG

I don’t know why my firewall can’t ping google via the private interface.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors