Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
achref
New Contributor

SLA Performance

Hello

the SLA Performance ( packet loss, letency and jitter still down) and i can't ping throught the tunnel

PS: i can ping to the ip of tunnel.

can you help me to fixe this error please! image bellow

2 REPLIES 2
emnoc
Esteemed Contributor III

The "diag debug flow" would be my 1st option

 

Areas I would look at very closely;

 

1: do you have routes ( from and to )  between the src/dst

 

2: the device your ping does it allow pings

 

3: any specific policy  local or allow access blocking the pings

 

4: can you do a diag sniffer packet any "host x.x.x.x or y.y.y.y" 4

x.x.x.x and y.y.y.y would be your targets. Do you see pings? if yes on what interface? Is it the correct interface ? Review diag debug flow.

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
achref
New Contributor

@stronswan

 

thank you for your response

about dia debug flow nothing is showing

1/ yes i have routes and i can ping through the interface physique in both side

2/yes the device allow ping

3/

Fortinet1 # dia sniffer packet any "host 10.254.10.10 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.10.10 and icmp]

 

Fortinet1 # dia sniffer packet any "host 10.254.2.22 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.2.22 and icmp] 0.973559 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 0.973648 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request 1.474501 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 1.474548 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request 1.975634 T1S1 out 10.11.11.11 -> 10.254.2.22: icmp: echo request 1.975717 T2S1 out 10.21.21.21 -> 10.254.2.22: icmp: echo request

 

 

Fortinet0 # dia sniffer packet any "host 10.254.151.100 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.151.100 and icmp]

 

 

Fortinet0 # dia sniffer packet any "host 10.254.101.1 and icmp" 4 Using Original Sniffing Mode interfaces=[any] filters=[host 10.254.101.1 and icmp]

 

 

PS: 10.254.2.22 ip of device behind the fortigate 0

10.254.10.10 ip interface physique of the fortigate 0

10.254.151.100 ip interface physique of the fortigate 1

10.254.101.1 ip device behind fortigate 1

10.11.11.11 ip tunnel 1

10.21.21.21 ip tunnel 2

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors