Hi,
I can't ping WAN IPs from the LAN. The only IP address I can ping is the one configured on the WAN interface.
ES:
WAN interface - 192.168.10.1/29
LAN interface - 192.168.1.1/24
From the LAN if I ping the IP address 192.168.10.1 I will reach it. However, if I try to ping the IP addresses 192.168.10.2, 192.168.10.3, 192.168.10.4, 192.168.10.5 and 192.168.10.6, I cannot reach them
Have i nice day
Andrea
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Hiteco-Srl ,
You are unable to ping the remaining addresses that are part of the WAN subnet due to the absence of ARP entries for a specific IP address in the firewall. Consequently, the firewall fails to route the packet.
To successfully ping an IP address, it is necessary to configure a secondary IP within the relevant interface. This configuration enables you to ping the rest of the network.
Here is the article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interfac...
Hi Andrea
In addition to @maulishshah advice, in case you don't want to add it as secondary address for some reason or because you use them as VIP, you still can use these public IPs as VIPs to forward ping requests to some internal server if that's what you need.
Hi @Hiteco-Srl,
Can you try "execute ping-option source 192.168.10.1" and then "execute ping 192.168.10.2". Please make sure those device able to reply ping.
From the firewall I can ping all the IP addresses of the subnet both with the execute ping-option source command and without
Did you have a policy from Lan to Wan to allow traffic? Also is NAT enabled on the policy?
Hi @Hiteco-Srl ,
You are unable to ping the remaining addresses that are part of the WAN subnet due to the absence of ARP entries for a specific IP address in the firewall. Consequently, the firewall fails to route the packet.
To successfully ping an IP address, it is necessary to configure a secondary IP within the relevant interface. This configuration enables you to ping the rest of the network.
Here is the article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interfac...
Hi Andrea
In addition to @maulishshah advice, in case you don't want to add it as secondary address for some reason or because you use them as VIP, you still can use these public IPs as VIPs to forward ping requests to some internal server if that's what you need.
Hi guys,
Thank you so much for your super help.
Good day!!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.