Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
R1chou
New Contributor

Ping from fortigate doesn't work

Hello,

 

Someone could tell me why I can ping a remote private IP address from my machine (which is behind my fortigate) but I can't ping the same machine from my fortigate ?

 

Traceroute doesn't work either.

 

Regards,

2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

You need to describe your network topology how to get to 10.148.36.140 from your FGT to let others to answer your question.

m0j0
New Contributor III

Could be many different reasons depending on where 10.148.36.140 is in relation to your firewall.  First thing to consider is by default, the source address of the ping packet from the fortigate will be the address of the interface the ping packet is going out.  So, since your machine is on the other side of the firewall, the source address of your ping from there will be from a different network than the source of your fortigate ping packets going to 10.148.36.140.

 

With this in mind, if 10.148.36.140 is more than one hop away from the Fortigate, then that target may not know the route back to the subnet on the "outside" of your firewall but still be able to route back to the subnet your machine sits on.  Or, there could be firewall rules further upstream that don't allow traffic from that "outside" subnet.

 

Or, if your Fortigate is terminating a VPN tunnel to the remote subnet, then it won't be tunneling the outside subnet where your Fortigate ping packets are coming from.  In this instance, try setting the ping-options source address to the "inside" ip of your Fortigate - "exec ping-options source x.x.x.x".

 

Or another issue could be that the remote subnet is over a VPN tunnel that is terminated elsewhere up the line and the "outside" subnet is not included in the tunnel selectors.  Also use the ping-options source to set to the inside IP of your Fortigate to get around this.

 

This is not an exhaustive list of what the issue might be given what little information you've provided, but it's a good place to start.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors