Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
minhthanh114
New Contributor II

Created on ‎02-26-2024 08:55 PM

I can't connect to IP on the interface.

Dear All,

I'm using the FortiGate 100D and I am using 802.3ad Aggregate interface. One another device is plugged into another port of the FortiGate (port 3) (IP static is 10.199.139.200). I have created one policy for I can go to that port 3 but I can't ping to the IP 10.199.139.200 when I'm in the 802.3ad Aggregate interface network. I can ping that IP from FortiGate. I don't why? 

720
0 Kudos
1 Solution
minhthanh114
New Contributor II
In response to srajeswaran

Created on ‎02-26-2024 11:16 PM

Dear, 

Thank' a lot, maybe I will research again.

View solution in original post

602
0 Kudos
14 REPLIES 14
srajeswaran
Staff
Staff

Created on ‎02-26-2024 08:59 PM

Can you collect "diag sniffer packet any "host 10.199.139.200" 10, from Fortigate while you try to ping from the aggregate interface network? This will help us to confirm if the packet is reaching fortigate or not and then decide further torubleshooting steps.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

468
minhthanh114
New Contributor II
In response to srajeswaran

Created on ‎02-26-2024 09:37 PM

Dear srajeswaran,

How I can send you packet-capture.pcap file, I'm new member.

460
0 Kudos
srajeswaran
Staff
Staff
In response to minhthanh114

Created on ‎02-26-2024 09:58 PM

I don't think you can attach it, can you take a screenshot and paste it?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

453
minhthanh114
New Contributor II
In response to srajeswaran

Created on ‎02-26-2024 10:07 PM

Dear,

You mean this one?

screenshot_1709013933.png

 

443
0 Kudos
srajeswaran
Staff
Staff
In response to minhthanh114

Created on ‎02-26-2024 10:11 PM

yeah, on this one I see ICMP from 10.199.139.200 to 10.199.139.1, similarly , can you capture when you try to ping 10.199.139.200 ?

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

436
minhthanh114
New Contributor II
In response to srajeswaran

Created on ‎02-26-2024 10:26 PM

Dear Mr,

That is the capture from FortiGate while I ping from the aggregate interface network. This is capture from Wireshark software while I ping from the aggregate interface network to "10.199.139.200".

222.png

 

428
0 Kudos
srajeswaran
Staff
Staff
In response to minhthanh114

Created on ‎02-26-2024 10:30 PM

Open fortigate CLI as below and run " diag sniffer packet any "host 10.199.139.200" 10 "

This will confirm if the ICMP packet from your PC is reaching the firewall or not.

 

image.png

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

425
0 Kudos
minhthanh114
New Contributor II
In response to srajeswaran

Created on ‎02-26-2024 10:37 PM

Send to you,

 

33.png

418
0 Kudos
srajeswaran
Staff
Staff
In response to minhthanh114

Created on ‎02-26-2024 10:42 PM

We don't see the packet from 10.199.129.149 reaching Fortigate.


is this the simple topology?
(10.199.139.200)Port3 [FortiGate]Aggregate---------------------PC(10.199.129.149)

Can you confirm the Ip/subnet mask for your PC, port3, aggregate interfaces.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

415
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.