Not applicable

pinging 192.168.1.99 fails

DHCP sets this to 192.168.1.110 and it cannot ping 192.168.1.99, which we all know is the default for internal, into which it is plugged (port 3 on the back) ... so what gives? I can browse the web and ping a DNS server, 204.60.0.2, but can't ping or HTTP into the damn Fortinet. HTTP and PING are ON for internal and this works with my 50A, so what's wrong with this 60AM?

bash-3.1# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:07:E9:71:24:60
          inet addr:192.168.1.110  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fe71:2460/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:87 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:50924 (49.7 Kb)  TX bytes:16019 (15.6 Kb)
          Base address:0xdb40 Memory:fe9e0000-fea00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2723 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2723 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:303460 (296.3 Kb)  TX bytes:303460 (296.3 Kb)

bash-3.1# ping 192.168.1.99
From 192.168.1.110 icmp_seq=1 Destination Port Unreachable
From 192.168.1.110 icmp_seq=1 Destination Port Unreachable
From 192.168.1.110 icmp_seq=1 Destination Port Unreachable
From 192.168.1.110 icmp_seq=1 Destination Port Unreachable
--- 192.168.1.99 ping statistics ---
0 packets transmitted, 0 received, +136 errors

bash-3.1# ping 204.60.0.2
PING 204.60.0.2 (204.60.0.2) 56(84) bytes of data.
64 bytes from 204.60.0.2: icmp_seq=1 ttl=251 time=10.5 ms
64 bytes from 204.60.0.2: icmp_seq=2 ttl=251 time=10.6 ms
64 bytes from 204.60.0.2: icmp_seq=3 ttl=251 time=11.6 ms
64 bytes from 204.60.0.2: icmp_seq=4 ttl=251 time=10.8 ms
Not applicable

In addition to the above mentioned problem - I set the DNS of the DHCP to the internal address too, 192.168.1.99, or in the case of the wlan to its gateway address of 10.10.80.1, and sometimes it works and sometimes it doesn't resolve. So I have been putting 4.2.2.1 there, which is an open UUNET DNS address... this works, but let's configure it right.

FortiWiFi-60AM # show
#config-version=FWF60M-3.00-FW-build400-061002:opmode=0:vdom=0
#buildno=0400
config system global
    set authtimeout 15
    set hostname "FortiWiFi-60AM"
    set ntpserver "132.246.168.148"
    set syncinterval 60
    set timezone 04
end
config system accprofile
    edit "prof_admin"
        set admingrp read-write
        set authgrp read-write
        set avgrp read-write
        set fwgrp read-write
        set ipsgrp read-write
        set loggrp read-write
        set mntgrp read-write
        set netgrp read-write
        set routegrp read-write
        set spamgrp read-write
        set sysgrp read-write
        set updategrp read-write
        set vpngrp read-write
        set webgrp read-write
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
end
config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "dmz"
        set vdom "root"
        set ip 1.1.1.3 255.255.255.0
        set allowaccess ping https
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess https ssh
        set type physical
        set defaultgw enable
    next
    edit "wan2"
        set vdom "root"
        set ip 192.168.101.99 255.255.255.0
        set allowaccess ping
        set type physical
    next
    edit "wlan"
        set vdom "root"
        set ip 10.10.80.1 255.255.255.0
        set allowaccess ping https
        set type wireless
        set wifi-ssid "belkin"
    next
end
config system ha
    set override disable
end
config system dns
    set primary 65.39.139.53
    set secondary 65.39.139.63
    set autosvr enable
    set fwdintf "internal" "wlan" "dmz"
end
config system replacemsg mail "email-block"
    set buffer "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked.
File quarantined as: \"%%QUARFILENAME%%\"."
    set format text
    set header 8bit
end
config system replacemsg mail "email-virus"
    set buffer "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
    set format text
    set header 8bit
end
config system replacemsg mail "email-filesize"
    set buffer "This email has been blocked. The email message is larger than the configured file size limit."
    set format text
    set header 8bit
end
config system replacemsg mail "partial"
    set buffer "Fragmented emails are blocked."
    set format text
--More--
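Added example, not part of the original thread: a small Python check that reads the `config system interface` section of the config posted above and reports which interfaces list a given service in `allowaccess`, confirming the statement that ping and HTTP are on for internal. The excerpt is copied from the post with quote spacing normalized; the function names `parse_interfaces` and `allows` are made up for this example.

```python
import shlex

# Excerpt of the interface section from the config posted in this thread.
POSTED_CONFIG = '''\
config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess https ssh
        set type physical
        set defaultgw enable
    next
    edit "wlan"
        set vdom "root"
        set ip 10.10.80.1 255.255.255.0
        set allowaccess ping https
        set type wireless
    next
end
'''

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} for 'config system interface'."""
    interfaces, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # strips the quotes around names
        if not tokens:
            continue
        if tokens[:3] == ["config", "system", "interface"]:
            in_block = True
        elif in_block and tokens[0] == "end":
            in_block = False
        elif in_block and tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif in_block and tokens[0] == "next":
            current = None
        elif in_block and current is not None and tokens[0] == "set" and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
    return interfaces

def allows(interfaces, name, service):
    """True if the named interface lists the service in allowaccess."""
    return service in interfaces.get(name, {}).get("allowaccess", [])
```
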
Not applicable

I plugged a Windows box into the switch part and boom, I can ping 1.99 fine. I boot from that Linux box every day though, as I said, from my 50A without a pinging problem - so what is causing that nonsense? Thanks, gsgi
Fireshield
New Contributor

Have you done a packet sniff of this anomaly, from both the PC and the FGT?
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
mhe
Contributor II

What happens if you do a ping and traceroute from the FG to the Linux box?
Not applicable

Well, thanks for helping me out. I am pretty sure I ran a packet sniff on the FG and it did not report anything. I'll try a FG -> Linux ping and traceroute when I get the FG back; I had to loan it out to substitute for a misbehaving router. Thankfully that is a Windows environment which isn't seeing the issue. As for another issue I'd appreciate your input on:
In addition to the above mentioned problem - I set the DNS of the DHCP to the internal address too, 192.168.1.99, or in the case of the wlan to its gateway address of 10.10.80.1, and sometimes it works and sometimes it doesn't resolve. So I have been putting 4.2.2.1 there, which is an open UUNET DNS address... this works, but let's configure it right.
I did check the three boxes in options to share DNS with internal, dmz and wlan.