Hello, can someone give advice on why I cannot ping the router interface, and therefore the internet, from Linux?
Traceroute from Linux is useless -> no information
I have a static default 0 route from FortiGate pointing to 23.1.2.1. I have a policy from port 3 to port 2. And I have central SNAT from port 3 to port 2, where I translate to the outgoing interface - no hit count.
When I try to diagnose, I see only echo request and no echo reply. I don't know why. Any tip?
What is working is ping from Linux to FortiGate:
10.10.10.49/24 ping to 10.10.10.71/24 -> ok
10.10.10.49/24 ping to 23.1.2.71/24 -> ok - policy takes that traffic, I have some bytes
10.10.10.49 ping to 23.1.2.1 -> not ok - policy doesn't work, no more bytes
10.10.10.49 ping to 8.8.8.8 -> not ok
Also, ping from FortiGate to internet 8.8.8.8 is working
FortiGate ping to 8.8.8.8 -> ok
Please help and bear with me. I am a new guy in Fortinet.
Hi,
Can you rerun the debug flow with these two commands?
diag debug flow show func en
diag debug flow show iprope en
Hi Adrian,
Can you please tell me how exactly I should type these commands? In which queue? Please bear with me, because I am new in Fortinet. I have typed the commands like this. I don't know whether it is ok or not. Please check the output and let me know. Thank you.
Hi Matie.
Please use the below-mentioned commands:
diag deb disable
diag deb reset
diag deb flow filter daddr x.x.x.x
diag deb flow filter proto 1
diag debug flow show iprope en
diag deb flow sh fun en
diag deb flow trace start 999
diag deb en
You can replace x.x.x.x with the destination IP, and you can use any destination.
I suggest you use 4.2.2.2; also, please try to send 2 or 3 packets.
Kindly avoid continuous ping.
Hi Arunkumar,
I have issued the commands as you mentioned. This is the final output. I hope it helps. Please let me know what you see in this output. I hope there is an answer for my problem. Thank you.
Dear Matie.
Could you please copy and paste the complete output/image?
This might be a silly question, but can you share with me the output of "show system settings"?
I am sorry. I have never done the debugs. Here you can find the output from show system settings. The output of the previous commands is repeating. I have made 3 pings. The second picture is the output of these commands. I am pinging from a Linux device.
Created on 09-01-2022 06:46 AM Edited on 09-01-2022 06:59 AM
I gave you the complete output. I am pinging from a Linux device. I have never done the debug on FortiGate yet. I am like a Fortinet virgin :D. So please check the output of the commands you have typed and let me know if something is missing.
Hi Akumarr,
Can you please tell me why my output is so short? Why doesn't it display policies and NAT translation? I have configured policies and NAT. It looks like it shows only the static route. I don't understand why I don't see other things. What should I do to configure it the right way? Thank you. I will send other outputs if you want; tell me what output you need.