Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
azhunissov
Staff
Staff

Created on ‎08-07-2019 05:25 AM Edited on ‎11-23-2021 03:15 AM By Community Manager

Article Id 196902

Technical Tip: The source option to change the source IP of the ping from the FortiGate CLI is not available

Description
This article explains why you cannot find the ping-options 'source' on the CLI of the FortiGate unit configured in HA (high availability).

Solution
If the FortiGate unit is a part of a Cluster, the "Slave\Backup" unit will not get source options with ping-options in spite of using active-active or active-passive HA mode.

For example, two FortiGate-90E were configured in HA active-active mode and the FG90E-1 is in the master role and the FG-90E is in the slave role.


# diagnose  sys  ha  status
HA information
Statistics
        traffic.local = s:0 p:24752 b:9062618
        traffic.total = s:0 p:24767 b:9065853
        activity.fdb  = c:0 q:0

Model=90, Mode=1 Group=0 Debug=0
nvcluster=1, ses_pickup=0, delay=0, load_balance=0, schedule=3, ldb_udp=0, upgrade_mode=0.

[Debug_Zone HA information]
HA group member information: is_manage_master=1.
SERIAL NUMBER: Master, serialno_prio=1, usr_priority=150, hostname=FG90E-1
SERIAL NUMBER:  Slave, serialno_prio=0, usr_priority=128, hostname=FG90E-2

[Kernel HA information]
vcluster 1, state=work, master_ip=169.254.0.2, master_id=0:
SERIAL NUMBER: Master, ha_prio/o_ha_prio=0/0
SERIAL NUMBER:  Slave, ha_prio/o_ha_prio=1/1
FG90E-1(master):
#FG90E-1 # execute ping-options ?
adaptive-ping     Adaptive ping <enable|disable>.
data-size         Integer value to specify datagram size in bytes.
df-bit            Set DF bit in IP header <yes | no>.
interface         Auto | <outgoing interface>.
interval          Integer value to specify seconds between two pings.
pattern           Hex format of pattern, e.g. 00ffaabb.
repeat-count      Integer value to specify how many times to repeat PING.
reset             Reset settings.
source            Auto | <source interface IP>.
timeout           Integer value to specify timeout in seconds.
tos               IP type-of-service option.
ttl               Integer value to specify time-to-live.
validate-reply    Validate reply data <yes | no>.
view-settings     View the current settings for PING option.
FG90E-2(slave):
#FG90E-2 # execute ping-options ?
adaptive-ping     Adaptive ping <enable|disable>.
data-size         Integer value to specify datagram size in bytes.
df-bit            Set DF bit in IP header <yes | no>.
interval          Integer value to specify seconds between two pings.
pattern           Hex format of pattern, e.g. 00ffaabb.
repeat-count      Integer value to specify how many times to repeat PING.
reset             Reset settings.
timeout           Integer value to specify timeout in seconds.
tos               IP type-of-service option.
ttl               Integer value to specify time-to-live.
validate-reply    Validate reply data <yes | no>.
view-settings     View the current settings for PING option.
15710
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.