Ping from fortigate doesn't work



Could someone tell me why I can ping a remote private IP address from my machine (which is behind my fortigate) but I can't ping the same machine from my fortigate?


Traceroute doesn't work either.




You need to describe your network topology how to get to from your FGT to let others answer your question.

Could be many different reasons depending on where is in relation to your firewall.  First thing to consider is by default, the source address of the ping packet from the fortigate will be the address of the interface the ping packet is going out.  So, since your machine is on the other side of the firewall, the source address of your ping from there will be from a different network than the source of your fortigate ping packets going to


With this in mind, if is more than one hop away from the Fortigate, then that target may not know the route back to the subnet on the "outside" of your firewall but still be able to route back to the subnet your machine sits on.  Or, there could be firewall rules further upstream that don't allow traffic from that "outside" subnet.


Or, if your Fortigate is terminating a VPN tunnel to the remote subnet, then it won't be tunneling the outside subnet where your Fortigate ping packets are coming from.  In this instance, try setting the ping-options source address to the "inside" IP of your Fortigate - "exec ping-options source x.x.x.x".


Or another issue could be that the remote subnet is over a VPN tunnel that is terminated elsewhere up the line and the "outside" subnet is not included in the tunnel selectors.  Also use the ping-options source to set to the inside IP of your Fortigate to get around this.


This is not an exhaustive list of what the issue might be given what little information you've provided, but it's a good place to start.
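The reasoning in the reply above, as an added example that is not part of the original thread: a simplified model that picks the default ping source from the egress interface and checks it against the subnets the far side can answer (return routes or tunnel selectors). All interface names, addresses and routes are constructed sample values.

```python
import ipaddress

# Constructed sample values (documentation/private ranges), not from the thread.
INTERFACES = {"wan1": "203.0.113.2", "internal": "192.168.10.1"}
ROUTES = [("0.0.0.0/0", "wan1"), ("192.168.10.0/24", "internal")]
TARGET = "10.50.0.20"
# Subnets the far side can answer: its return routes or the tunnel selectors.
ANSWERABLE = ["192.168.10.0/24"]

def default_source(interfaces, routes, dst):
    """Address of the interface picked by longest-prefix match for dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), name) for p, name in routes
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None  # no route at all, nothing leaves the firewall
    _, name = max(hits, key=lambda h: h[0].prefixlen)
    return interfaces[name]

def can_answer(src, answerable):
    """True if the far side has a return path (route or selector) for src."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(n) for n in answerable)

def diagnose(interfaces, routes, dst, answerable):
    """Compare the default ping source with the sources the far side can reach."""
    src = default_source(interfaces, routes, dst)
    return {
        "default_source": src,
        "default_works": src is not None and can_answer(src, answerable),
        "sources_to_try": [ip for ip in interfaces.values()
                           if can_answer(ip, answerable)],
    }

if __name__ == "__main__":
    # The LAN host is inside an answerable subnet, so its ping gets a reply.
    print("LAN host answered:", can_answer("192.168.10.55", ANSWERABLE))
    result = diagnose(INTERFACES, ROUTES, TARGET, ANSWERABLE)
    print(result)
    for ip in result["sources_to_try"]:
        print(f"exec ping-options source {ip}")
```
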



