Tutek
Contributor

How to change default ping options

Hello,

My pings from the console work only when I first enable "use-sdwan yes" before any ping, but after a while the pings stop working, as this is a temporary setting. I see that pings have default settings, and there is "Use SD-WAN: disable". How do I change that default setting?

FGT # execute ping 173.243.140.53 
PING 173.243.140.53 (173.243.140.53): 56 data bytes

--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss


FGT # execute ping-options use-sdwan yes

FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
64 bytes from 173.243.140.53: icmp_seq=0 ttl=54 time=26.5 ms
64 bytes from 173.243.140.53: icmp_seq=1 ttl=54 time=27.0 ms
64 bytes from 173.243.140.53: icmp_seq=2 ttl=54 time=26.4 ms
64 bytes from 173.243.140.53: icmp_seq=3 ttl=54 time=26.5 ms
^C
--- 173.243.140.53 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 26.4/26.6/27.0 ms

FGT # execute ping-options view-settings
Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interface: auto
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: no

Default Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interval: 1
Interface: auto
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
VRF: 0
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
Adaptive Ping: disable
Use SD-WAN: disable

msolanki
Staff

Hi Tutek,

This is the default behavior, and these options are valid within a specific session. For example, if you connect to the FortiGate via SSH and configure these options, they will be valid for this SSH session. When you disconnect, these options will be set to default. And when you connect next time, you will have to specify these options again.

I believe you are looking for FortiGuard traffic, which is treated as locally originated traffic. Please check the KB below that might help you.

https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-control-change-the-FortiGate-sourc...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-CLI-command-to-check-the-use-of-source-ip-...

Thanks

Madhav

Tutek
Contributor

If I cannot change "Default Ping Options", I don't know why my pings from the CLI do not work.

I have a static default route 0.0.0.0/0 through the SD-WAN virtual-wan-link. In the SD-WAN rules I have, at the bottom, a default rule for internet traffic:

source (all) destination (all) - sd-wan members (wan1, wan2).

Now, no matter what source interface the FortiGate picks for its DNS traffic, it should always follow my default SD-WAN rule because it has source (all).

As far as I know, self-originating traffic doesn't need an IPv4 policy to be allowed, so can anyone explain to me why my pings are not working?

FGT (static) # show
config router static
    edit 1
        set distance 1
        set sdwan enable
    next

FGT (dns) # show
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set domain "company.local"
    set interface-select-method sdwan
end

 edit 6
            set name "Internet_Out_Wan2"
            set dst "all"
            set src "all"
            set priority-members 2 1
        next
    end
end

FGT (sdwan) # 

FGT # execute ping 173.243.140.53
PING 173.243.140.53 (173.243.140.53): 56 data bytes
^C
--- 173.243.140.53 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
