- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: FG100F LAN interface traffic
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG100F LAN interface traffic
i have one new FG100F running on FortiOS 7.2.5.
i noticed that there is some issues using the firewall LAN IP, 172.32.xx.1.
i can ping the LAN IP from same subnets or other subnets but i cannot ping from the LAN IP of the firewall to other IP address.
i also tried adding this firewall to my log Analyzer for syslog logging but no traffic from the firewall to the syslog server.
all the polices are already created to and from the firewall LAN IP.
Labels:
- Labels:
-
FortiGate
- « Previous
-
- 1
- 2
- Next »
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
# di hardware deviceinfo nic port3
Description :FortiASIC NP6XLITE Adapter
Driver Name :FortiASIC NP6XLITE Driver
Board :100F
lif id :8
lif oid :72
netdev oid :72
Current_HWaddr 84:39:8f:a7:60:30
Permanent_HWaddr 84:39:8f:a7:60:30
========== Link Status ==========
Admin :up
netdev status :up
autonego_setting :1
link_setting :1
speed_setting :1000
duplex_setting :0
Speed :1000
Duplex :Full
link_status :Up
============ Counters ===========
Rx Pkts :159571037
Rx Bytes :18291058890
Tx Pkts :675617744
Tx Bytes :958872761579
Host Rx Pkts :0
Host Rx Bytes :0
Host Tx Pkts :7
Host Tx Bytes :532
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0
sw_rx_pkts :159571037
sw_rx_bytes :19265744371
sw_rx_mc_pkts :834192
sw_rx_bc_pkts :45168
sw_tx_pkts :675617413
sw_tx_bytes :961603971227
sw_tx_mc_pkts :9
sw_tx_bc_pkts :60636
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're unable to ping other IP addresses from the LAN IP of your Fortinet FG100F firewall, or you're not seeing any traffic from the firewall to the syslog server, there could be a number of potential issues at play. Here are a few troubleshooting steps you may want to consider:
1. **Check the Policies:** You mentioned that the policies are already created to and from the firewall LAN IP. Please confirm if they are correctly set. Ensure that the policies allow ICMP (for ping) and UDP/TCP port 514 (for Syslog) traffic from the firewall to the rest of the network. Also, make sure these policies are applied in the correct direction.
2. **Source Interface Configuration:** When configuring the firewall to send logs to a syslog server, you need to specify the source interface. Ensure that the correct interface is selected (in this case, the LAN interface).
3. **Check Routing:** The routing configuration on the firewall and other network devices should be checked. If the routing tables aren't configured properly, the firewall might not know the correct path to the syslog server or other network devices.
4. **Firewall System Settings:** Ensure that the option 'ping' is enabled in the admin settings on the Fortinet firewall. Also, make sure that the option to send logs to a syslog server is enabled.
5. **Syslog Server Settings:** Confirm if the syslog server is set up to receive logs on the correct port and that it's not blocking incoming connections. You could try sending logs from another device to test if the syslog server is functioning correctly.
6. **Network Infrastructure:** Sometimes, network devices like switches or routers might have ACLs or other security mechanisms that block certain types of traffic.
If after checking these points you're still facing issues, it may be helpful to contact Fortinet's support for more specific troubleshooting. It's also always a good idea to make sure your device's firmware is up to date.
Let me know if you need further help with any of these steps.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Yeowkm99,
As you mentioned that from the firewall lan IP you can not ping to other IP address. Please let me know if you tried to ping Public IP address from firewall and if its working ?
Also collect below debug from fortigate by initiating interesting traffic and share the output to check and verify:
diagnose debug reset
diagnose debug disable
diagnose debug flow show fun en
diagnose debug flow filter clear
diagnose debug flow filter daddr <destination IP address>
diagnose debug flow filter proto 1
diagnose debug flow trace start 99
diagnose debug enable
NOTE: Replicate the issue, After 5-10sec, disable the logs by executing:
diagnose debug disable
Regards,
Parteek
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
from firewall LAN IP, i can ping 8.8.8.8 after creating a new rule to access WAN.
i just cannot ping from firewall LAN IP.
from other servers in the remote subnet can ping to other servers
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Could you please execute this command and see if it's pinging?
execute ping-options interface port3
execute ping <IP address>
BR,
Manosh
Created on 08-03-2023 01:04 AM Edited on 08-03-2023 01:13 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
# execute ping-options interface port3
FGT100F # execute ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1): 56 data bytes
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
^C
--- 172.16.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
FGT100F # execute ping 172.16.0.11
PING 172.16.0.11 (172.16.0.11): 56 data bytes
sendto failed: 101(Network is unreachable)
^C
--- 172.16.0.11 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
even devices in the same subnet fails
FGT100F # execute ping 172.32.0.3
PING 172.32.0.3 (172.32.0.3): 56 data bytes
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
sendto failed: 101(Network is unreachable)
^C
--- 172.32.0.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
100F # execute ping 172.32.0.15
PING 172.32.0.15 (172.32.0.15): 56 data bytes
sendto failed: 101(Network is unreachable)
^C
- « Previous
-
- 1
- 2
- Next »
Related Posts
- no traffic in IPSEC vpn tunnel... 39 Views
- L2 Traffic Forwarding 103 Views
- how fortigate SD-WAN ensure both sites... 195 Views
- Persistent One Way Audio Issues, no... 126 Views
- NAT after server migration 142 Views
Labels
-
FortiGate
6,664 -
FortiClient
1,328 -
5.2
801 -
5.4
639 -
FortiManager
577 -
FortiAnalyzer
421 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
271 -
FortiMail
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
158 -
6.4
128 -
FortiNAC
109 -
FortiGuard
106 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
77 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
66 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
29 -
SD-WAN
29 -
High Availability
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Logging
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
LDAP
11 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SSO
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.