Manually send an ARP request from FortiGate (arping)
Hello everyone,
is there a command to manually send an ARP request for a specific IP on a local interface? What I'm looking for is a functionality much like the 'arping' tool on Linux.
My use case is determining whether there is a duplicate IP on a directly connected network.
Kind regards,
Lupo
Labels: FortiGate
No command specifically for that, but you can just run "exe ping <specific-ip>". If the IP/MAC isn't already in its ARP table (get sys arp), the FortiGate will naturally send out an ARP request to try and get it. (assuming the FortiGate has an IP in the same subnet, of course)
To have immediate feedback, you can run sniffer for ARP traffic on the relevant interface (diag sniffer packet <interface> "arp" 4 0 a).
Nope, there is no such thing in the FortiGates.
Thank you for your reply! Sniffing for the (possibly multiple) ARP replies is a good idea (together with manually clearing the ARP entry in question before the exec ping).
I had a specific case where I suspected someone used an interface IP of the FortiGate as a system IP address. Do you have any ideas how to proceed in such a scenario?
As for fixing the current problem right now, all you can do is sniff the traffic and try to identify and remove/fix the offending device.
As for future prevention: If you have a FortiSwitch, consider deploying ARP inspection to prevent IP spoofing - https://docs.fortinet.com/document/fortiswitch/7.0.4/administration-guide/500016/dynamic-arp-inspect... .
If you have a third-party switch, check their documentation for a similar feature that you could utilize.
I don't think a lone FortiGate (using a dumb switch, or an internal switch of the FortiGate) can do anything about it on its own. (corrections welcome)
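The procedure the thread settles on (clear the ARP entry, `exe ping` the address, and watch `diag sniffer packet <interface> "arp" 4 0 a` for replies) produces a stream of tcpdump-style lines that has to be read by eye. The script below is an added example, not from the original thread or from Fortinet, that does that reading offline: it parses captured sniffer lines, reports every IP for which more than one distinct MAC answered (the duplicate-IP case from the original question), and separately flags replies that claim one of the FortiGate's own interface IPs with a foreign MAC (the scenario from the follow-up post). The sample sniffer output is constructed for the example and only modeled on the sniffer's verbosity-4 line format; the `OWN_INTERFACE` mapping is a hypothetical value that in practice comes from the FortiGate's own interface configuration.

```python
import re
from collections import defaultdict

# Constructed sample of FortiGate sniffer output. The line layout is modeled
# on what "diag sniffer packet <interface> 'arp' 4 0 a" prints (tcpdump-style,
# with the interface name at verbosity 4); the addresses are made up.
SAMPLE_SNIFFER_OUTPUT = """\
interfaces=[port2]
filters=[arp]
1.234567 port2 -- arp who-has 192.168.10.50 tell 192.168.10.1
1.234890 port2 -- arp reply 192.168.10.50 is-at 00:0c:29:11:22:33
1.235102 port2 -- arp reply 192.168.10.50 is-at 3c:2a:f4:aa:bb:cc
2.001000 port2 -- arp who-has 192.168.10.1 tell 192.168.10.77
2.001290 port2 -- arp reply 192.168.10.1 is-at 00:09:0f:aa:bb:01
2.001340 port2 -- arp reply 192.168.10.1 is-at 08:5b:0e:de:ad:01
3.500000 port2 -- arp reply 192.168.10.60 is-at 00:0c:29:44:55:66
"""

# Hypothetical: the FortiGate's own IP and MAC on the sniffed interface.
# In a real case this comes from the unit's interface configuration.
OWN_INTERFACE = {"192.168.10.1": "00:09:0f:aa:bb:01"}

# Only "arp reply <ip> is-at <mac>" lines matter; requests are ignored.
REPLY_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<ifname>\S+)\s+--\s+arp reply\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_arp_replies(text):
    """Return {ip: {mac, ...}} for every ARP reply line in the capture."""
    replies = defaultdict(set)
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies[m.group("ip")].add(m.group("mac").lower())
    return replies


def find_duplicate_ips(replies):
    """IPs that were answered by more than one distinct MAC address."""
    return {ip: sorted(macs) for ip, macs in replies.items() if len(macs) > 1}


def find_foreign_claims(replies, own_interface):
    """Replies for one of our own IPs whose MAC is not our interface MAC."""
    foreign = {}
    for ip, own_mac in own_interface.items():
        others = sorted(m for m in replies.get(ip, set()) if m != own_mac.lower())
        if others:
            foreign[ip] = others
    return foreign


def analyse(text, own_interface):
    """Run both checks over a captured sniffer session."""
    replies = parse_arp_replies(text)
    return {
        "duplicates": find_duplicate_ips(replies),
        "foreign_claims": find_foreign_claims(replies, own_interface),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_SNIFFER_OUTPUT, OWN_INTERFACE)
    for ip, macs in result["duplicates"].items():
        print(f"duplicate IP {ip}: answered by {', '.join(macs)}")
    for ip, macs in result["foreign_claims"].items():
        print(f"own IP {ip} also claimed by {', '.join(macs)}")
```

Paste the sniffer output into a file and feed it to `analyse()`; an IP listed under `duplicates` has two hosts responding to the FortiGate's request, and an entry under `foreign_claims` points at the MAC to look up in the switch's MAC address table when hunting the offending device, which is what the reply above suggests doing by hand.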
