Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
achref
New Contributor

Created on ‎06-23-2021 01:47 AM

SLA Performance

Hello

the SLA Performance ( packet loss, letency and jitter still down) and i can't ping throught the tunnel

PS: i can ping to the ip of tunnel.

can you help me to fixe this error please! image bellow

sla (2).png
Preview file
4 KB
2519
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎06-23-2021 02:45 AM

The "diag debug flow" would be my 1st option

 

Areas I would look at very closely;

 

1: do you have routes ( from and to )  between the src/dst

 

2: the device your ping does it allow pings

 

3: any specific policy  local or allow access blocking the pings

 

4: can you do a diag sniffer packet any "host x.x.x.x or y.y.y.y" 4

x.x.x.x and y.y.y.y would be your targets. Do you see pings? if yes on what interface? Is it the correct interface ? Review diag debug flow.

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2026
0 Kudos
achref
New Contributor
In response to emnoc

Created on ‎06-23-2021 03:11 AM

@stronswan

 

thank you for your response

about dia debug flow nothing is showing

1/ yes i have routes and i can ping through the interface physique in both side

2/yes the device allow ping

3/

Fortinet1 # dia sniffer packet any "host 10.254.10.10 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.10.10 and icmp]

 

Fortinet1 # dia sniffer packet any "host 10.254.2.22 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.2.22 and icmp] 0.973559 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 0.973648 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request 1.474501 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 1.474548 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request 1.975634 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 1.975717 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request

 

 

Fortinet0 # dia sniffer packet any "host 10.254.151.100 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.151.100 and icmp]

 

 

Fortinet0 # dia sniffer packet any "host 10.254.101.1 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.101.1 and icmp]

 

 

PS: 10.254.2.22 ip of device behind the fortigate 0

10.254.10.10 ip interface physique of the fortigate 0

10.254.151.100 ip interface physique of the fortigate 1

10.254.101.1 ip device behind fortigate 1

10.11.11.11 ip tunnel 1

10.21.21.21 ip tunnel 2

2027
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.