Troubleshooting Tip: Using PING options from the FortiGate CLI
Last Updated 6 months ago
Description
This article describes the FortiGate ping options in IPv4 and IPv6 that can be used for various troubleshooting purposes. Two particularly useful options are repeat-count and source.
Scope
FortiGate.
Solution
From the CLI, type the following command to see all IPv4 ping options:
adaptive-ping : FortiGate sends the next packet as soon as the last response is received.
data-size : Specify the datagram size in bytes.
df-bit {yes | no}: Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.
pattern <2-byte_hex>: Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data_size parameter. This allows for sending out packets of different sizes to test the effect of packet size on the connection.
interval: time between each ping.
interface {Auto | }: Egress interface used to transmit the ECHO request. If Auto, FortiGate selects based on destination IP route lookup.
repeat-count : Specify how many times to repeat the ping attempt.
source {auto | }: Specify the source IP address to send the ping. If auto is specified, the FortiGate selects a source address based on the interface chosen to send the traffic. Specifying source IP addresses in different network segments can be used to simulate connections originating from different subnets.
timeout : Specify, in seconds, how long to wait until the ping times out.
tos : Set the IP ToS (Type of Service) field in the packet header to indicate the quality of service wanted.
default: IP ToS field 0x00.
lowcost: minimize the cost, IP ToS field 0x02.
lowdelay: minimize the delay, IP ToS field 0x10.
throughput: maximize throughput, IP ToS field 0x08.
reliability: maximize reliability, IP ToS field 0x04.
ttl : Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.
validate-reply {yes | no}: Select 'yes' to validate reply data.
view-settings: Display the current ping-option settings.
use-sdwan : Default is 'no'. If set to 'yes', ping will check SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule based on a specific source address.
reset: Reset ping options to default values.
Note:
Ping can also be used to verify FortiGate's ability to resolve domain names. To test name resolution, ping with the domain name as the destination. If PING output shows an IP address, name resolution was successful:
execute ping google.com
PING google.com (142.250.179.78): 56 data bytes
When IPv6 is enabled in FortiGate feature visibility settings and an IPv6 address is assigned to an interface, IPv6 ping can be performed through the command below:
execute ping6 y:y:y:y:y:y:y:y
From CLI, the ping options available for IPv6 are similar to IPv4 and are the following:
The use and meaning of each IPv6 option are similar to its IPv4 counterpart. Note that in IPv6, option source is called source6, and option df-bit is not available.