Umesh
Contributor

Public IP is not reachable

Hi all,

I have been facing this issue for a long time and couldn't resolve it, so I thought I should share my query with you all.

Let me explain first:

Let's suppose my public IP is 1.1.1.1, which is the LAN IP pool that is NATed at the FortiGate firewall, and my site is hosted with its public IP.

Ping is also allowed for this IP.

So this IP should be reachable from every location, like USA, Singapore, India, etc.

Actually, I am not able to ping it from different locations, not even from my laptop.

Please share your opinion.

Thank you

jintrah_FTNT
Staff

Hi Umesh,

Is this IP 1.1.1.1 configured on a FortiGate interface? When you do a tracert from those 2 locations to 1.1.1.1, what is the last hop IP address seen? Is that last hop IP the same as the gateway IP address for FortiGate?

Best regards,

Jin

Umesh

No, this IP address is the LAN IP pool which has been provided by the ISP and is NATed on the Fortinet firewall. Let's suppose:

1.1.1.1 - 2.2.2.2

Why is 1.1.1.1 not reachable from outside even though I have enabled ping for this policy?

And a public IP should always be reachable from every location, right?

What's your guess on this?

jintrah_FTNT

OK, so there is no 'real or virtual' host, or an interface that has IP 1.1.1.1 in order to respond back, and the ippool is only used when traffic from LAN to outbound is to be NATed. Therefore, no response is expected.

Best regards,

Jin

seshuganesh
Staff

Hi,

Could you please execute this command on the firewall:

diag sniffer packet any 'a.b.c.d and icmp' 4 0 a (where a.b.c.d is the IP from which you are pinging your web server's public IP)

Please initiate a ping, check whether the packet is reaching the firewall or not, and keep us posted.

Also share with us a screenshot of the VIP configuration you have done on the FortiGate firewall.

jintrah_FTNT

IP is used in ippool. VIP is not mentioned and therefore assumed not in use.

Best regards,

Jin
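
The distinction drawn in the replies above, shown as an added FortiOS CLI illustration (not configuration posted by anyone in this thread): an IP pool only translates outbound sessions, while a VIP maps a public address to a real host for inbound sessions. All addresses (203.0.113.0/24, 192.168.10.0/24), interface names (port1 as WAN, port2 as LAN), policy IDs and object names are constructed placeholders.

```fortios
# Constructed example: addresses, interfaces, IDs and names are placeholders.

# 1) IP pool: source NAT for sessions going OUT (LAN -> Internet).
#    Per the reply above, nothing behind this address answers inbound pings.
config firewall ippool
    edit "lan-snat-pool"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end
config firewall policy
    edit 10
        set name "lan-to-internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "lan-snat-pool"
    next
end

# 2) VIP: destination NAT for sessions coming IN, public IP -> real server.
config firewall vip
    edit "web-vip"
        set extintf "port1"
        set extip 203.0.113.20
        set mappedip "192.168.10.20"
    next
end
config firewall policy
    edit 20
        set name "internet-to-web"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "web-vip"
        set action accept
        set schedule "always"
        set service "PING" "HTTPS"
    next
end
```

Keeping the inbound policy's service list narrow (here only PING and HTTPS) matters because a one-to-one VIP without port forwarding maps every port of the public address to the internal host.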
