Hello,
My pings from the console work only when I first enable "use-sdwan yes" before any ping, but after a while the pings stop working as this is a temporary setting. I see that pings have Default settings and there is Use-Sdwan: disable - how do I change that default setting?
FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
FGT # execute ping-options use-sdwan yes
FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
64 bytes from 173.243.140.53: icmp_seq=0 ttl=54 time=26.5 ms
64 bytes from 173.243.140.53: icmp_seq=1 ttl=54 time=27.0 ms
64 bytes from 173.243.140.53: icmp_seq=2 ttl=54 time=26.4 ms
64 bytes from 173.243.140.53: icmp_seq=3 ttl=54 time=26.5 ms
^C
--- 173.243.140.53 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 26.4/26.6/27.0 ms
FGT # execute ping-options view-settings
Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interface: auto
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: no
Default Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interval: 1
Interface: auto
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: disable
Hi Tutek,
This is default behavior, and these options are valid within a specific session. For example, if you connect to the FortiGate via ssh and configure these options, they will be valid for this ssh session. When you disconnect, these options will be set to default. And when you connect next time, you will have to specify these options again.
I believe you are looking for FortiGuard traffic, which is treated as locally originated traffic. Please check the KB below that might help you.
Thanks
Madhav
If I cannot change "Default Ping Options", I don't know why my pings from the CLI do not work.
I have a static default route 0.0.0.0/0 through the sd-wan virtual-wan-link; in the sd-wan rules I have at the bottom a default rule for internet traffic:
source (all) destination (all) - sd-wan members (wan1, wan2).
Now no matter what source interface the FortiGate picks for its DNS traffic, it should always follow my default sd-wan rule because it has source (all).
As far as I know, self-originating traffic doesn't need an ipv4 policy to be allowed - so can anyone explain to me why my pings are not working?
FGT (static) # show
config router static
edit 1
set distance 1
set sdwan enable
next
FGT (dns) # show
config system dns
set primary 208.91.112.53
set secondary 208.91.112.52
set domain "company.local"
set interface-select-method sdwan
end
edit 6
set name "Internet_Out_Wan2"
set dst "all"
set src "all"
set priority-members 2 1
next
end
end
FGT (sdwan) #
FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
^C
--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss