11-08-2019 08:30 AM - edited 02-21-2020 09:40 AM
Is there any way in the FTD CLI (or FMC CLI/GUI?) to directly launch a ping with a specific source IP address? The firewall has an external IP on the outside interface. The outside NAT pools have other IPs in that subnet. I suspect a third party is blocking specific IPs of our block, and I'd like to test by sourcing pings from individual addresses by launching them directly from the outside so I'm not at the mercy of NAT picking from the pool during translation. Just question-marking my way through it... seems it's not available unless I'm missing something.
> ping interface OUTSIDE google.com ?
  data      specify data pattern
  repeat    specify repeat count
  size      specify size
  timeout   specify timeout interval
  validate  validate reply data
  <cr>
11-08-2019 10:59 AM
Hi,
I didn't initially think you could, but you can, though only if you do a TCP ping. Reference here. You would use the syntax - "ping tcp destip destport source ip port"
HTH
11-08-2019 11:30 AM
Neat! Ok... that doesn't seem to be working as anticipated though.
For example - if I do "ping tcp interface OUTSIDE destip 443" it goes out the ip address assigned to the outside interface and I get a successful response back.
If I do "ping tcp interface OUTSIDE destip 443 source sourceip 0" it fails. I tried with sourceip being the same as the OUTSIDE interface address (which should be the same as the command above...), various IPs in the block, various source port numbers... still failed.