Home

FortiGate Ping Options for Troubleshooting

The FortiGate ping options outlined in this article serve various troubleshooting purposes. Among these options, the repeat-count and source options are particularly valuable.

When it comes to troubleshooting network issues using FortiGate devices, the ping command is a fundamental tool. The FortiGate firewall provides several options that can be utilized to enhance the effectiveness of ping operations. Below, we will explore these options in detail, including their syntax and use cases.

1. Basic Ping Command

The most straightforward way to use the ping command on a FortiGate device is simply by typing:

execute ping 

This command sends ICMP Echo Request packets to the specified destination IP address. It helps verify connectivity between the FortiGate device and another network device.

2. Specifying Packet Size

You can specify the size of the ICMP packet being sent using the size option:

execute ping size 

For example, if you want to send packets of 1500 bytes, you would use:

execute ping 192.168.1.1 size 1500

This option is useful for testing MTU (Maximum Transmission Unit) issues or when you suspect that packet fragmentation might be affecting connectivity.

3. Setting the Number of Pings

To control how many echo requests are sent, you can use the count option:

execute ping count 

For instance:

execute ping 192.168.1.1 count 5

This command will send five pings to the specified IP address, which can help in assessing intermittent connectivity issues.

4. Timeout Configuration

The timeout for each reply can also be adjusted with the timeout option:

execute ping timeout 

For example:

execute ping 192.168.1.1 timeout 2

This sets a timeout of two seconds for each reply before considering it lost, which is particularly useful in networks with variable latency.

5. Flood Ping Option

In scenarios where you need to stress test a connection or check for packet loss under heavy load, you can utilize flood pings (though this should be done cautiously):

execute ping flood

This sends continuous pings until manually stopped (usually with Ctrl+C). It’s important to note that this could generate significant traffic and may not be suitable for production environments.

6. Extended Ping Options

FortiGate also allows extended options such as specifying TTL (Time To Live) values and setting specific interface parameters:

  • TTL: You can set a custom TTL value using:

    execute ping ttl 
  • Interface: To specify which interface to use for sending pings:

    execute ping interface 

These options are particularly useful when dealing with complex routing scenarios or when testing specific paths through your network infrastructure.

7. Using Traceroute Instead of Ping

While not strictly a part of the ping command, it’s worth mentioning that traceroute can provide additional insights into network paths and latency issues:

execute traceroute 

Traceroute shows each hop along the path to a destination and helps identify where delays or failures occur.

Conclusion

Using these various options available in FortiGate’s ping command allows network administrators to effectively troubleshoot connectivity issues by customizing their tests based on specific needs such as packet size, number of attempts, timeouts, and more advanced configurations like TTL settings and interface selection.

By understanding and utilizing these commands properly, administrators can diagnose problems more efficiently and maintain optimal network performance.


Authoritative Sources Used:

  • Fortinet Documentation
  • Cisco Networking Academy
  • Network World