hello
i have strange problem.
i have fortigate 60. the problem is i can't ping from CLI console some IP addreses.
for example, i have server with ip 192.168.1.15
ping to this address gives 100% packet loss
if i change ip of the server to 192.168.1.5 the ping working fine.
i can't find anything blocking addresses 192.168.1.11-192.168.1.20
anyone have idea why is it?
thanks.
Solved! Go to Solution.
Hi,
Is there some device in between the server and FortiGate? A good idea would be to check if the FortiGate has learned the mac address of server in the arp table
#get sys arp
Also see if there is a specific route for destination 192.168.1.15 in the routing table
#get router info routing-table all
Next, sniff on the interface connecting to FortiGate for packets send to server
#diagnose sniffer packet <interface name> 'host 192.168.1.15' 4
Ping to the server from another CLI , and check the packets captured
Regards
Hi,
Is there some device in between the server and FortiGate? A good idea would be to check if the FortiGate has learned the mac address of server in the arp table
#get sys arp
Also see if there is a specific route for destination 192.168.1.15 in the routing table
#get router info routing-table all
Next, sniff on the interface connecting to FortiGate for packets send to server
#diagnose sniffer packet <interface name> 'host 192.168.1.15' 4
Ping to the server from another CLI , and check the packets captured
Regards
it working know
i had ssl vpn configurated for this addreses.
thank you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.