Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mac26
Visitor

Created on ‎09-25-2025 10:51 AM

ping fail from wan interfaces

hey all

 

first off, my english is not great, so if anything is confusing, please let me know

 

okay, i have remote sites under my control connected to my main site via multiple VPN tunnels, one for each physical WAN interface IP

 

in these remote sites, some have only have internet access via the main tunnel and some also have another ppoe connection on wan2 via some other local isp, some have sd-wan configured, but in all of them, for some reason, i can't ping from wan interfaces to outside

 

when i try, it either gives me :

 

remote-site1 # exe ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

 

or when directly specifying the interface:

 

remote-site1 # exe ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)

 

no matter what interface or source ip i specify, it will not ping, but internet is working fine on every site

 

and as for the most obvious setting, yes i do have it enabled for every site/interface under allowaccess ping, and i also tried creating every kind of policy, but nothing changes

 

any ideas i could try? traceroute also doesn't work, also tried running diagnose but same thing, says unreachable

 

remote-site1 # diagnose sniffer packet any 'host 192.168.88.10 and icmp' 4 0 l
interfaces=[any]
filters=[host 192.168.88.10 and icmp]
2025-09-25 10:35:50.143305 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:50.143344 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:51.139763 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:51.139796 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:51.578997 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579013 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579022 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579032 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579041 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579050 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579054 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579075 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579079 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579082 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579090 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:51.579094 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:52.134865 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:52.134905 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:53.133677 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:53.133719 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:54.145214 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:54.145259 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:54.668996 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669013 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669023 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669033 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669042 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669051 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669055 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669076 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669080 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669088 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669092 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:54.669095 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:55.152766 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:55.152809 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:56.144836 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:56.144884 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:57.143826 wan1 in 192.168.88.1 -> 192.168.88.10: icmp: echo request
2025-09-25 10:35:57.143869 wan1 out 192.168.88.10 -> 192.168.88.1: icmp: echo reply
2025-09-25 10:35:57.738996 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739014 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739024 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739033 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739042 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739051 root out 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739055 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739077 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739086 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739090 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739094 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
2025-09-25 10:35:57.739097 root in 192.168.88.10 -> 192.168.88.10: icmp: host 172.25.14.2 unreachable
^C
222 packets received by filter
0 packets dropped by kernel

 

one last thing, from main site i can ping just fine, i have main connection on dmz and secondary isp on wan1 and ping works for both

appreciate any help or suggestions that could point me in the right direction 

Labels:
47
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎09-25-2025 12:29 PM Edited on ‎09-25-2025 12:29 PM

Hi Mac

This is usually seen when WAN IP has more than 1 IP address. In that case this can be fixed by selecting the source IP address. And FGT services can be set with local out routing.

AEK
AEK
31
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.