Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sstm
New Contributor

Created on ‎11-27-2024 10:42 PM

Problem with DUP! ping

Hello,

I have a FortiGate 60F in transparent mode, behind a MikroTik router. I use port3 as external - connected to the mikrotik router and port4 as internal, which is connected to a mikrotik switch.

I followed the official documentation to set the FortiGate in transparent mode, and after that, because I have 12 VLANs set on my MikroTik router, I followed this technical note to setup the VLANs and forwarding domains.

 

I configured the forwarding domains, because without that, as soon I plugged the fortigate into the network, it created a loop.

Now with this configuration everything seems to be working fine, but when I try to run a ping from the fortigate, or from the MikroTik to the fortigate's management IP, I get DUP! packets:

 

Screenshot 2024-11-28 082648.png

 

It is my first time working with a fortinet device, I've read through a lot of the documentation, but I couldn't figure out what the issue is.
Thank you in advance for any input.
Labels:
713
0 Kudos
13 REPLIES 13
dingjerry_FTNT
Staff
Staff

Created on ‎11-27-2024 11:22 PM

Hi @sstm ,

 

Please share the outputs with the following CLI commands:

 

get sys status

show system setting   

show router static

 

I hope that you have no VDOM enabled.

Regards,

Jerry
484
0 Kudos
sstm
New Contributor

Created on ‎11-27-2024 11:28 PM

Hello,

Here is the output:

 

FortiGate-60F # get sys status
Version: FortiGate-60F v7.2.10,build1706,240918 (GA.M)
Security Level: 1
Firmware Signature: certified
Virus-DB: 92.09125(2024-11-27 22:26)
Extended DB: 92.09125(2024-11-27 22:25)
AV AI/ML Model: 3.01931(2024-11-27 22:45)
IPS-DB: 29.00911(2024-11-27 01:12)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 29.00910(2024-11-26 01:06)
FMWP-DB: 24.00111(2024-11-06 13:21)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 5.00247(2024-11-27 10:03)
IoT-Detect: 0.00000(2022-08-17 17:31)
Serial-Number:
BIOS version: 05000006
System Part-Number: P24286-03
Log hard disk: Not available
Hostname: FortiGate-60F
Private Encryption: Disable
Operation Mode: Transparent
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 0 in NAT mode, 1 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1706
Release Version Information: GA
System time: Thu Nov 28 09:26:26 2024
Last reboot reason: warm reboot

FortiGate-60F # show system setting
config system settings
    set opmode transparent
    set manageip 10.0.99.50/255.255.255.0
end

FortiGate-60F # show router static
config router static
    edit 1
        set gateway 10.0.99.1
    next
end
477
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to sstm

Created on ‎11-27-2024 11:37 PM

Hi @sstm ,

 

The dup! error means that there is a duplicated IP for the one you are pinging.

 

So did you see this issue only with 8.8.8.8?  How about you ping the gateway IP 10.0.99.1?

Regards,

Jerry
467
0 Kudos
sstm
New Contributor
In response to dingjerry_FTNT

Created on ‎11-27-2024 11:48 PM

I get this error, no matter what host I ping, even when I ping the gateway IP it's still the same.

459
0 Kudos
funkylicious
SuperUser
SuperUser
In response to sstm

Created on ‎11-27-2024 11:41 PM

Hi,

Try setting the gateway under the system settings instead.

config system settings
    set opmode transparent
    set manageip 10.0.99.50/255.255.255.0
    set gateway 10.0.99.1
end

 

 

"jack of all trades, master of none"
"jack of all trades, master of none"
464
0 Kudos
sstm
New Contributor
In response to funkylicious

Created on ‎11-27-2024 11:49 PM Edited on ‎11-27-2024 11:49 PM

Hello,

I get the following error when I try to do that:

 

# config system settings
# set opmode transparent
# set manageip 10.0.99.50/255.255.255.0
# set gateway 10.0.99.1

command parse error before 'gateway'
Command fail. Return code -61

 

456
0 Kudos
funkylicious
SuperUser
SuperUser
In response to sstm

Created on ‎11-28-2024 12:53 AM Edited on ‎11-28-2024 12:56 AM

Hi,

I was able to reproduce this in my lab.

It appears that you need to set the gateway as soon as you change the operating mode in transparent, after you end it it's no longer available to be set. I had to delete the vdom and create it again, then change the opmode in order to be able to set gateway , but it was just an idea of what to change in order to test if the DUP disappears.

 

"jack of all trades, master of none"
"jack of all trades, master of none"
400
0 Kudos
sstm
New Contributor
In response to funkylicious

Created on ‎11-28-2024 01:11 AM

Previously, when I first switched it to transparent mode, I had the management IP set as 10.0.0.227 and gateway as 10.0.0.1. I tried switching the IP back to that, but that didn't change anything.

389
0 Kudos
funkylicious
SuperUser
SuperUser
In response to sstm

Created on ‎11-28-2024 01:22 AM

Out of curiosity, is the management ip/subnet part of one of the 12 vlans that you have configured the forwarding domains ?

"jack of all trades, master of none"
"jack of all trades, master of none"
384
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.