Hello, I have a problem configuring allow-PING on a Fortigate interface. My setup:

- The WAN interface is already set to allow PING.
- There is no policy that disallows any IP from pinging the Fortigate's interface.
- Ping is not allowed until the source IP is added to Trusted Hosts under user management.
- There is no policy that allows any (or someone) to access the WAN interface IP.

When checking syslog, I found that it was previously blocked by local-in-policy with Policy ID 0. However, I don't know why it is related to local-in-policy and Policy ID 0. I could not see anything under local-in-policy:

```
#show firewall local-in-policy
config firewall local-in-policy
end
```

and I could not find what is inside Policy ID 0.

Syslog:

```
Sep 8 13:34:17 192.168.168.168 date=2017-09-08 time=13:34:17 devname=FG100XXXXXXX devid=FG100XXXXXXX logid="0001000014" type="traffic" subtype="local" level="notice" vd="VDOM-VDOM" logtime=1504848857 srcip=src_IP srcintf="wan2" srcintfrole="wan" dstip=wan_IP dstintf="VDOM-VDOM" dstintfrole="undefined" sessionid=427002255 proto=1 action="deny" policyid=0 policytype="local-in-policy" service="PING" dstcountry="DST Country" srccountry="Src Country" trandisp="noop" app="PING" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel="low"
```

Could you please advise?
Thanks!
When trusted hosts are configured they are also applied for ping.
"The trusted hosts apply to the web-based manager, ping, snmp and the CLI when accessed through SSH. CLI access through the console port is not affected."
The FGT needs a route to the source IP subnet. Either an explicit one or the default route (you do have one set, don't you?).
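Added example, not part of the thread: a small Python triage script for the log format shown in the question. It lists local-in PING denies logged against policy ID 0 and shows whether each source address falls inside a given trusted-host list; the sample log lines, the addresses and the trusted-host subnet are constructed for illustration.

```python
import ipaddress
import re

# Matches key=value and key="quoted value" pairs, as in the syslog line above.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LINES = [
    'Sep 8 13:34:17 192.0.2.1 type="traffic" subtype="local" srcip=203.0.113.10 '
    'srcintf="wan2" proto=1 action="deny" policyid=0 '
    'policytype="local-in-policy" service="PING" srccountry="Src Country"',
    'Sep 8 13:35:02 192.0.2.1 type="traffic" subtype="local" srcip=198.51.100.7 '
    'srcintf="wan2" proto=1 action="deny" policyid=0 '
    'policytype="local-in-policy" service="PING" srccountry="Src Country"',
    'Sep 8 13:36:40 192.0.2.1 type="traffic" subtype="local" srcip=198.51.100.7 '
    'srcintf="wan2" proto=6 action="accept" policyid=0 '
    'policytype="local-in-policy" service="HTTPS"',
]

# Assumed trusted-host entries, as they would be configured on the admin accounts.
TRUSTED_HOSTS = ["198.51.100.0/24"]


def parse_kv(line):
    """Return the key=value fields of one log line as a dict, quotes stripped."""
    return {key: value.strip('"') for key, value in _KV.findall(line)}


def denied_pings(lines, trusted_hosts):
    """List (srcip, srcintf, in_trusted_hosts) for local-in PING denies on policy 0."""
    nets = [ipaddress.ip_network(entry) for entry in trusted_hosts]
    hits = []
    for line in lines:
        f = parse_kv(line)
        if (f.get("subtype") == "local" and f.get("action") == "deny"
                and f.get("policytype") == "local-in-policy"
                and f.get("policyid") == "0" and f.get("service") == "PING"):
            try:
                src = ipaddress.ip_address(f.get("srcip", ""))
            except ValueError:
                continue  # masked or malformed source address, e.g. "src_IP"
            hits.append((str(src), f.get("srcintf"), any(src in n for n in nets)))
    return hits


if __name__ == "__main__":
    for srcip, intf, trusted in denied_pings(SAMPLE_LINES, TRUSTED_HOSTS):
        print(f"{srcip} via {intf}: in trusted hosts = {trusted}")
```

A source reported with `in trusted hosts = False` matches the behaviour described in the thread, where ping only works after the source IP is added to the trusted hosts.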