01-27-2024 04:27 AM - edited 01-27-2024 05:45 AM
I have servers within the same LAN and VLAN, all connected through a switch, with the Fortigate serving as the gateway. Server 1 and Server 3 can successfully ping each other. However, I'm encountering an issue where neither Server 1 nor Server 3 can ping Server 2. Interestingly, I can ping Server 2 from the WAN side, passing through the Fortigate policy. I have already checked the firewall settings on the servers, and to further investigate, I connected my PC in place of Server 2 and found that it is pingable from the other servers.
OS: all servers are running CentOS on the physical server and Debian on the virtual server (they are not in the same physical)
I'm feeling a bit confused about this situation. Can you please provide some guidance and assistance?
01-27-2024 04:47 AM
Still new to trying to assist others, so excuse me if this is too basic of a probable cause. When you connected the PC in lieu of Server 2, did the PC receive the same IP address that server 2 was receiving? The reason I ask is I am immediately thinking an ACL may be in place to disallow icmp from the servers.
01-27-2024 04:49 AM
Yes, I fixed the same IP on my PC.
01-27-2024 04:50 AM
This looks to me like Server 2 may have a firewall (not sure what Server 2 is: Linux, Windows Server, or something else?).
From Server 2, are you able to ping its own gateway and Server 1 and Server 2?
You have mentioned only the FortiGate here; you have not mentioned what switches are attached. Which VLAN does each server belong to? Does the switch act as Layer 2 or Layer 3?
01-27-2024 05:35 AM
Thank you for your reply.
Yes, I can ping Server 1 from Server 2 but not the opposite.
The switch acts as Layer 2.
The servers are in the same VLAN.
01-27-2024 06:21 AM
yes i can ping server 1 from server2 but not opposite
This sounds like the local server has a FW - I have asked some questions before?
Not sure what Server 2 is (Linux / Windows Server? or others?)
Try:
https://learn.microsoft.com/en-us/mem/intune/user-help/you-need-to-enable-defender-firewall-windows
01-27-2024 06:33 AM
Thank you.
I pointed out that all servers are running CentOS on the physical server and Debian on the virtual server (they are not in the same physical)
01-27-2024 06:52 AM
On CentOS, new servers generally have iptables enabled.
For testing you can flush iptables:
iptables -xnvL (post output)
iptables -F
You can check as below:
ps -ef | grep ufw
ps -ef | grep firewall
You can disable it if you are running firewalld:
systemctl status firewalld (check the status)
systemctl stop firewalld (stop the firewall); if you would like to start it again: systemctl start firewalld
If you are using the UFW firewall:
ufw status (if this is running)
ufw allow icmp (can allow ICMP)
01-27-2024 05:13 AM
All servers are in the same VLAN, so the Forti has no rule on this traffic.
This traffic is L2, so it does not pass through the Forti.
You need to check the FW on the OS of the server; it can drop the ping.
MHM
01-27-2024 05:20 AM
Also check if server 2 has the correct mask for the subnet. A wrong/different mask would force the server to use the gateway.
01-27-2024 06:46 AM
Hello,
can you post the output below from all three servers:
ip a
sudo ufw status
as well as the content of '/etc/hosts.allow' ?
01-27-2024 07:23 AM
server 1
server 2
01-27-2024 07:37 AM
Another output nice to see is arp -a from all servers.
01-30-2024 12:34 AM
Thank you all, I got the solution.
There was a VPN misconfigured in Server 2.
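A route check for the two host-side causes raised in this thread, a wrong subnet mask that forces traffic to the gateway and a VPN on Server 2, as an added example that is not from any poster. It assumes the VPN shows up as a route through a tunnel interface; the addresses and the interface names eth0 and tun0 are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify how this host would send
# traffic to a peer that should be on the same VLAN.
# Input: one line of `ip -o route get <peer-ip>` output plus the LAN interface name.

# field_after KEY LINE: print the word following KEY ("dev", "via") in LINE.
field_after() {
    printf '%s\n' "$2" | awk -v key="$1" \
        '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# classify_route LINE LAN_IF: prints one of
#   on-link              peer reached directly on the LAN interface (expected)
#   via-gateway:<ip>     peer treated as off-subnet, e.g. wrong netmask
#   wrong-interface:<if> traffic leaves through another interface, e.g. a VPN tunnel
#   no-route             no usable route in the output
classify_route() {
    cr_dev=$(field_after dev "$1")
    cr_via=$(field_after via "$1")
    if [ -z "$cr_dev" ]; then
        echo "no-route"
    elif [ "$cr_dev" != "$2" ]; then
        echo "wrong-interface:$cr_dev"
    elif [ -n "$cr_via" ]; then
        echo "via-gateway:$cr_via"
    else
        echo "on-link"
    fi
}

# Constructed sample lines (addresses and interface names are made up).
SAMPLE_OK='192.168.10.11 dev eth0 src 192.168.10.12 uid 0'
SAMPLE_MASK='192.168.10.11 via 192.168.10.1 dev eth0 src 192.168.10.12 uid 0'
SAMPLE_VPN='192.168.10.11 dev tun0 src 10.8.0.2 uid 0'

for s in "$SAMPLE_OK" "$SAMPLE_MASK" "$SAMPLE_VPN"; do
    printf '%-24s %s\n' "$(classify_route "$s" eth0)" "$s"
done

# On a live host (hypothetical peer address and interface):
#   classify_route "$(ip -o route get 192.168.10.11)" eth0
```

Anything other than on-link for a same-VLAN peer means the host is not answering directly on the LAN, which a local firewall check alone will not reveal.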