Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sstm
New Contributor

Created on ‎11-27-2024 10:42 PM

Problem with DUP! ping

Hello,

I have a FortiGate 60F in transparent mode, behind a MikroTik router. I use port3 as external - connected to the mikrotik router and port4 as internal, which is connected to a mikrotik switch.

I followed the official documentation to set the FortiGate in transparent mode, and after that, because I have 12 VLANs set on my MikroTik router, I followed this technical note to setup the VLANs and forwarding domains.

 

I configured the forwarding domains, because without that, as soon I plugged the fortigate into the network, it created a loop.

Now with this configuration everything seems to be working fine, but when I try to run a ping from the fortigate, or from the MikroTik to the fortigate's management IP, I get DUP! packets:

 

Screenshot 2024-11-28 082648.png

 

It is my first time working with a fortinet device, I've read through a lot of the documentation, but I couldn't figure out what the issue is.
Thank you in advance for any input.
Labels:
712
0 Kudos
13 REPLIES 13
sstm
New Contributor
In response to funkylicious

Created on ‎11-28-2024 03:07 AM

Yes, it is part of the 12 vlans.

206
0 Kudos
sjoshi
Staff
Staff

Created on ‎11-28-2024 01:42 AM

Hi,

 

To address the issue of duplicate packets when pinging the FortiGate's management IP from the Mikrotik router, ensure that the VLAN configurations and forwarding domains are correctly set up on both devices. Verify that there are no misconfigurations causing packet duplication, such as overlapping VLAN IDs or incorrect forwarding domain assignments. Double-check the network paths and configurations to eliminate any potential loops or misrouting that could lead to duplicate packets during communication between the FortiGate and the Mikrotik devices.

Let us know if this helps.
Salon Raj Joshi
215
sstm
New Contributor
In response to sjoshi

Created on ‎11-28-2024 03:22 AM

Hello, 

There are no overlapping VLAN IDs on the mikrotik, on the fortigate each VLAN has the same ID on the external and internal interfaces, but that's how it was written in the technical note i posted in the first post.

198
0 Kudos
sjoshi
Staff
Staff
In response to sstm

Created on ‎11-28-2024 06:02 AM

Hi,

 

The DUP packets indicate that the ping command has received replies from the same IP address but with different MAC addresses.

 

Further it better to take 6  0 l packet capture to verify the reply MAC address there.

For your ref:-

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-capture-the-whole-packets-when-Pack...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Packet-Capture-on-FortiOS-GUI/ta-p/1...

Let us know if this helps.
Salon Raj Joshi
176
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.