If I cannot change "Default Ping Options", I don't know why my ping from the CLI does not work.
I have a static default route 0.0.0.0/0 through the sd-wan virtual-wan-link; in the sd-wan rules I have at the bottom a default rule for internet traffic:
source (all) destination (all) - sd-wan members (wan1, wan2).
Now, no matter what source interface the FortiGate picks for its DNS traffic, it should always follow my default sd-wan rule because it has source (all).
As far as I know, self-originating traffic doesn't need an IPv4 policy to be allowed, so can anyone explain to me why my pings are not working?
FGT (static) # show
config router static
set distance 1
set sdwan enable
FGT (dns) # show
config system dns
set primary 22.214.171.124
set secondary 126.96.36.199
set domain "company.local"
set interface-select-method sdwan
set name "Internet_Out_Wan2"
set dst "all"
set src "all"
set priority-members 2 1
FGT (sdwan) #
FGT # execute ping 188.8.131.52
PING 184.108.40.206 (220.127.116.11): 56 data bytes
--- 18.104.22.168 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss