FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 190774



This article describes the FortiGate's ping options that can be used for various troubleshooting purposes. Particularly useful options are repeat-count and source.


From the CLI, type the following command to see all options :

FGT#  execute ping-options ?

# execute ping-options adaptive-ping <enable|disable>

# execute ping-options data-size <bytes>

# execute ping-options df-bit {yes | no}

# execute ping-options pattern <2-byte_hex>

# execute ping-options repeat-count <repeats>

# execute ping-options source {auto | <source-intf_ip>}

# execute ping-options timeout <seconds>

# execute ping-options tos <service_type>

# execute ping-options ttl <hops>

# execute ping-options validate-reply {yes | no}

# execute ping-options view-settings

# execute ping-options use-sdwan <yes | no>

# execute ping-options reset


Keyword Description Default


- adaptive-ping <enable|disable> FortiGate sends next packet as soon as the last response is received.

- data-size <bytes> Specify the datagram size in bytes.

- df-bit {yes | no}Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.

- pattern <2-byte_hex> Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data_size parameter. This allows you to send out packets of different sizes for testing the effect of packet size on the connection.

- repeat-count <repeats> Specify how many times to repeat ping.

- Source {auto | <source-intf_ip>} :Specify the FortiGate interface from which to send the ping.

If auto is specified, the FortiGate selects the source address and interface based on the route to the <host-name_str> or <host_ip>.

Specifying the IP address of a FortiGate interface is used to test connections to different network segments from the specified interface.

- timeout <seconds> Specify, in seconds, how long to wait until ping times out.

- tos <service_type> Set the ToS (Type of Service) field in the packet header to provide an indication of the quality of service wanted.

- lowdelay = minimize delay.

- throughput = maximize throughput.

- reliability = maximize reliability.

- lowcost = minimize cost.

- ttl <hops> Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.

- validate-reply {yes | no} Select yes to validate reply data.

- view-settings : Display the current ping-option settings.

 - use-sdwan <yes | no> - if set to yes, then ping will be following SD-WAN rules and policy routes. Usually used with other options, for example source, to match specific SD-WAN rule that as based on specific source address.

- reset - reset ping options to default values.