Intermediate Packet Drops in traffic.

Shantilal1998 · ‎06-23-2022

We have deployed Fortigate 3501F & It is connected to cisco Catalyst C9300-24T switch.

We are using 1G-SFP-RJ45 module on firewall side.

While trying to ping from the host that is behind the switch, we are facing intermediate packet drops. The destination host is behind the firewall.

Kindly suggest on this.

Anonymous · ‎06-24-2022

Hello,

Thank you for using the Community, further information would be useful to this topic. Can you please provide the following information for:

Which version is running on the FortiGate?
Verify that ping service are allowed on the concerned ports as follows:
1. show system interface portX
Can you confirm that you have configured a firewall policy and enable the ping? (hostSW to hostFGT)?

Shantilal1998 · ‎06-24-2022

1. FortiOS 6.4.6 Build 6135

2. Checked,Ping is allowed & traffic is going through the firewall not to the firewall itself.

3. Yes, Policy has been already configured.

Anonymous · ‎06-24-2022

Hello,

I don't quite understand what do you mean by "traffic is going through the firewall not to the firewall itself". Can you please elaborate this for me?

But it would be great if you could share the packet capture and trace flow.

Check the routing table, and verify that the subnets of the hosts are in the table.
1. get router info routing-table all
Use sniffer trace when running a constant ping from hostSW to hostFGT as follows:
1. diag sniffer packet portX 'addr hostSW' 4 0 L
Use debug flow, to help us understand if the ping is received, routed or blocked by FortiGate as follows:
1. diag debug enable
2. diag debug flow filter clear
3. diag debug flow filter addr <hostSW>
4. diag debug flow trace start 100

Intermediate Packet Drops in traffic.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website