Can't ping ippool from cli @120G 7.2.9 - works fine @80F 7.2.9
Hi,
I have these firewalls in a test setup (for production) and each has a basic setup.
Internal LAN with DHCP, two WAN interfaces, an SD-WAN setup, a single firewall rule for internet traffic.
A simple 0.0.0.0/0.0.0.0 static route using SD-WAN and an IP Pool address.
IP Pool address 172.17.5.1 with overload and ARP enabled.
If I do this on an FG 80F with 7.2.9 I am able to ping this IP from the CLI.
ICMP is sent from the root interface:
FortiGate-80F # diagnose sniffer packet any 'host 172.17.5.1' 4
filters=[host 172.17.5.1]
13.410881 root out 172.17.5.1 -> 172.17.5.1: icmp: echo request
13.410891 root in 172.17.5.1 -> 172.17.5.1: icmp: echo request
How would I solve this on a 120G with 7.2.9?
FortiGate-120G # diagnose sniffer packet any 'host 172.17.5.1' 4
filters=[host 172.17.5.1]
2.693988 port2 out 85.132.211.22 -> 172.17.5.1: icmp: echo request
3.694028 port2 out 85.132.211.22 -> 172.17.5.1: icmp: echo request
Both the 120G and the 80F have WAN1 / static and WAN2 / DHCP.
SD-WAN has both WAN interfaces as members.
What do I need to change?
Hello Jab,
Have you configured the ippool IP address as a secondary IP address on the WAN interface?
Can you please try to assign the IP address as a secondary IP address on the interface and try to ping?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-a-secondary-IP-on-a-FortiGate-interfac...
Hi tpatel,
That would not work.
Once an IP Pool address is defined as a SNAT (Overload) you can't add this as a secondary IP address.
But I tried as suggested: "This IP address is already in use by device MAC"
My question is, why does an 80F work fine here and a 120G does not?
I need this IP Pool address as a SNAT IP in one of the firewall rules.
Even if the fw rule is not yet created, the 80F does respond by ping in the CLI.
So, I tried the next release 7.4.5 build 2702 and under this release, this works fine.
I upgraded to 7.4.5 and the ping from CLI is fine.
FortiGate-120G # diagnose sniffer packet any 'host 172.17.5.1' 4
interfaces=[any]
filters=[host 172.17.5.1]
11.882574 root out 172.17.5.1 -> 172.17.5.1: icmp: echo request
11.882577 root in 172.17.5.1 -> 172.17.5.1: icmp: echo request