Re: Unable to ping directly connected port from Cisco 1941

akhildevv · ‎09-16-2020

Hi Guys,

Since last few days i am facing one issue.

one of my MPLS customer edge device LAN is directly connected to Fortigate Firewall Port.

The issue is i am able to ping from Fortigate FW to my router port. But unable to ping from router to FW port.

Router port === Gi0/1 === 172.16.255.217

Firewall Port === Port 13 === 172.16.255.218

Results:

Router:

CE#ping 172.16.255.218 so 172.16.255.217
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.255.218, timeout is 2 seconds:
Packet sent with a source address of 172.16.255.217
.....
Success rate is 0 percent (0/5)

FW:

FortiGate200E# exe ping 172.16.255.217

PING 172.16.255.217 (172.16.255.217): 56 data bytes

64 bytes from 172.16.255.217: icmp_seq=0 ttl=255 time=0.5 ms

64 bytes from 172.16.255.217: icmp_seq=1 ttl=255 time=0.3 ms

64 bytes from 172.16.255.217: icmp_seq=2 ttl=255 time=0.3 ms

64 bytes from 172.16.255.217: icmp_seq=3 ttl=255 time=69.1 ms

64 bytes from 172.16.255.217: icmp_seq=4 ttl=255 time=0.4 ms

--- 172.16.255.217 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.3/14.1/69.1 ms

FortiGate200E#

Appreciate your advise.

Thanks & Regards,

Akhil

balaji.bandi · ‎09-17-2020

Check on Fortigate FW , by default most FW set to deny by default.

here is rule to add Fortinet FW :

https://kb.fortinet.com/kb/documentLink.do?externalID=FD38540

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

akhildevv · ‎09-17-2020

Hi Balaji,

Ping rule is already allowed and enabled in the particular port. But still not sure why i can't ping from my cisco router even it is directly connected interface.

Regards,

Akhil

balaji.bandi · ‎09-17-2020

Can you post the router config to have a look ? also what you see on Fortigate Logs ? is the ping reached and allowed in the Logs ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help