Warning: Got ICMP 3 (Destination Unreachable)
FortiGate 7.4.4-1 in GNS3 unable to ping GNS3 VM, unable to ping Windows 11 host machine, unable to ping gateway.
FortiGate IP address: 192.168.0.33/24
GNS3 VM IP address: 192.168.0.52/24
Windows IP address: 192.168.0.125/24
Default Gateway: 192.168.0.1/24
C:\Users\<username>ping 192.168.0.33
Pinging 192.168.0.33 with 32 bytes of data:
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.
Reply from 192.168.0.125: Destination host unreachable.
Ping statistics for 192.168.0.33:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Warning: Got ICMP 3 (Destination Unreachable)
FortiGate-7.4.4 (IP address: 192.168.0.33/24) running in GNS3 (2.2.47 version).
GNS3 VM (2.2.47 version with IP address: 192.168.0.52/24) running on Oracle VM Virtual Machine.
Windows 11 with IP-address: 192.168.0.125 with Default Gateway: 192.168.0.1
Able to ping GNS3 VM IP-address.
Unable to ping FortiGate; below are the config details:
config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.33 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set snmp-index 1
next
end
No luck when I tried the same on VMware.
You can check the ARP table by running 'get system arp'. You can also run the packet sniffer: "di packet sniffer port1 'none' 4 0 l"
Regards,
Thank you @hbac for the quick response
FortiFirewall-VM64-KVM # get system arp
Address Age(min) Hardware Addr Interface
FortiFirewall-VM64-KVM # diagnose sniffer packet any 'arp' 4
Using Original Sniffing Mode
interfaces=[any]
filters=[arp]
0.870537 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
1.910426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
4.818708 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
5.830426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
FortiFirewall-VM64-KVM # di packet sniffer port1 'none' 4 0 l
command parse error before 'packet'
Command fail. Return code -61
I see the fortilink IP address is different from my network, which is from class C, but I see fortilink has a class C IP address, as seen below:
config system interface
edit "port1"
set vdom "root"
set ip 192.168.0.33 255.255.255.0
set allowaccess ping https http
set type physical
set snmp-index 1
next
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 14
next
end
As you can see, FortiGate is sending ARP requests but getting no response. It is a layer 2 issue.
Regards,
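The check described in the reply above, as an added example that is not part of the original thread: it reads FortiGate sniffer output and reports outbound ARP who-has requests that never received a reply. The request format is taken from the capture posted in this thread; the reply format ("arp reply <ip> is-at <mac>") and the contrast capture with its placeholder MAC are assumptions.

```python
import re
from collections import Counter

# Request lines use the format shown in the capture posted in this thread.
REQUEST = re.compile(
    r"^\d+\.\d+\s+(?P<ifc>\S+)\s+(?P<dir>in|out)\s+arp who-has (?P<ip>\S+) tell \S+")
# Assumption: replies are printed tcpdump-style as "arp reply <ip> is-at <mac>".
REPLY = re.compile(
    r"^\d+\.\d+\s+(?P<ifc>\S+)\s+(?P<dir>in|out)\s+arp reply (?P<ip>\S+) is-at \S+")


def unanswered_arp(lines):
    """Map (interface, target IP) -> number of outbound who-has requests
    for which no inbound reply appears anywhere in the capture."""
    asked = Counter()
    answered = set()
    for raw in lines:
        line = raw.strip()
        req = REQUEST.match(line)
        if req and req["dir"] == "out":
            asked[(req["ifc"], req["ip"])] += 1
            continue
        rep = REPLY.match(line)
        if rep and rep["dir"] == "in":
            answered.add((rep["ifc"], rep["ip"]))
    return {key: n for key, n in asked.items() if key not in answered}


# The four ARP lines from the capture posted in this thread.
THREAD_CAPTURE = """\
0.870537 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
1.910426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
4.818708 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
5.830426 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
""".splitlines()

# Constructed capture (placeholder MAC) showing a healthy exchange for contrast.
HEALTHY_CAPTURE = """\
0.870537 port1 out arp who-has 192.168.0.1 tell 192.168.0.33
0.871102 port1 in arp reply 192.168.0.1 is-at 02:00:00:00:00:01
""".splitlines()

if __name__ == "__main__":
    for (ifc, ip), n in unanswered_arp(THREAD_CAPTURE).items():
        print(f"{ifc}: {n} ARP request(s) for {ip} went unanswered")
```

An entry in the result means the interface is transmitting but nothing on the attached segment answers, which points at the virtual link or adapter mapping rather than the FortiGate IP configuration.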
How do I resolve the layer 2 issue? Is it a known issue or a new issue with me?
I have tried using VMware Player and still have the same issue.
I mean, how will ARP update its table?
Do I need to run any command like "arp-scan -l"?
Is this an issue with the FortiGate-7.4.4 image, or should I configure something to make it work?
I mean, FortiGate is supposed to connect with other devices and their addresses. But the ARP table seems to be empty. Any remedies that could help me to resolve this?
Refer to the link below for more information
I had the same problem and I found a solution.
Check if you have a mgmt port on your equipment with "show system interface".
When you have this port, the lab associates it with port1, so you need to configure the IP on the mgmt port.
port1 on the equipment will be displayed as port2 in the lab.
I hope this helped you!
Look, port1 has the IP 10.10.20.13/30
On the system it will appear as the mgmt interface
