Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Windows PCs not ping the default gateway
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows PCs not ping the default gateway
I have a client with a a fortigate 70d, everything has been running fine since few months but now suddenly some windows machines are just not pinging the fortigate 70d lan interface IP. Ping is enabled on the fgt lan port as well.
Also user identity policies using ldap server are in place here and users can only get on to the internet through that. The machines which are facing the problems simply dont even ask for user auth in the browser as they cant get to the FGT in the first place. These machines which cant ping the gatewat fgt are able to ping the ldap server and other PCs on the network.
I also enabled debugging on the FGT to check for incoming packets and none show up.
FGT# diag debug enable FGT# diag debug flow filter add <PC1> FGT# diag debug flow show console enable FGT# diag debug flow trace start 100 FGT# diag debug enable Simple nothing shows up. This same office has other PCs which are using the internet fine as per the user id policies and also ping the fgt. My next course of action is to try wireshark to see what's wrong. Has anyone faced something like before? Any ideas also really appreciated. Thanks.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use the built-in sniffer on the FGT to look into the traffic on your LAN side:
diag sniffer packet lan 'icmp and host 192.168.333.444' 4This will show all pings on the LAN side involving host 192.168.333.444 (yes, these values are placeholders...).
If you don't even see these pings then your PCs have a real problem. Check the software firewall (Windows, AV suite) first.
You can also sniff for protocol 'arp' for ARP requests. Start with pinging the FGT's LAN interface (to exclude routing issues).
Are you, by any chance, using VLANs?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI thanks for the response.
From the wireshark capture i can see some STP packets related to the fortinet's lan interface. I dont have any idea on reading that data or using wireshark yet, but it clearly showed no icmp packets at all on the PCs with the issue and then i started connecting the PCs straight to fgt's internal port as the device is in switch mode and then used another small switch for some more problem PCs and things started working for now.
I have opened tickets with both fortinet and HP for the issue and handed the WS capture to fortinet, (the geniuses at hp dont even let you attach WS packet capture file).
But still some random PC somewhere would stop pinging the others or would stop pinging the gateway or drop its dhcp leased out ip, from the client's complaints.
For now i am down to figuring out if stp is acting weird here.
Not using VLANs at all. Also could you explain how does that place holder thing work? Never seen that IP before and googling it brought me back to this post itself.
ps: the forum's image and file uploading is not working correctly here
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you think of an STP issue you could take the FGT's interfaces out of STP. System > Interfaces, disable 'Use STP'. This option is enabled per default in v5.2.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A few years later an I'm seeing the same issue on our 900D HA pair.
We have about 10 different FGT Interfaces in use and the 10GB PORTA is divided into several VLANs.
One of these PORTA VLANs (10.0.0.0/22) has stopped replying to "pings" to the GW but the others haven't.
All of the other Interface GW's are working.
This firewall has been working fine for two years so for this to happen, and we do know the exact time it happened because several system and our alerting system that pings this GW all reported that it failed at 4:18:28PM give or take 10-sec 4/5/2017. One of this systems that failed at the time was vSphere HA.
Fortigate support has told me that its a problem with my VLAN tagging and I reject that for reason stated above.
As someone who has a support agreement I've pushed back so my question to the forum is has anyone else seen this?
I've needed to reboot this HA pair several time over the last two years and had to RMA one because of a failed drive but I can't reboot right now because of 24/7 business requirements.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The Windows PC in question; is it connected directly to the firewall ? Are all interfaces pingable right from PC ethernet port to firewall lan port?
What is the tracert output to lan interface of firewall from the the ip that's not working?
What gateway ip does ipconfig output show on pc working vs not working
and what is the Lan int ip of the firewall ?
Try setting static ip on PC that's not working, maybe you could use the ip of PC that is working. Then see if ping works.
If it works, then we know it is a routing problem or at least we know something is excluding this ip. If it doesn't, is physical layer ok?
Do both PC's belong to same vlan(if applicable)?
Objects ->addresses (if applicable) ?
I have few other ideas, but let me know how it goes :)...
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,735 -
FortiClient
1,774 -
5.2
801 -
FortiManager
734 -
5.4
639 -
FortiAnalyzer
562 -
FortiSwitch
476 -
FortiAP
473 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
248 -
FortiAuthenticator v5.5
234 -
IPsec
211 -
FortiWeb
206 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
105 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1732 | |
| 1105 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.