FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
irodriguez_FTNT
Article Id 190774

Description

 

This article describes the FortiGate ping options that can be used for various troubleshooting purposes. Two particularly useful options are repeat-count and source.

 

Scope

 

FortiGate.


Solution


From the CLI, type the following command to see all options:

 

execute ping-options ?

execute ping-options adaptive-ping <enable|disable>

execute ping-options data-size <bytes>

execute ping-options df-bit {yes | no}

execute ping-options pattern <2-byte_hex>

execute ping-options interface <auto | interface_name>
execute ping-options interval <seconds>

execute ping-options repeat-count <repeats>

execute ping-options source {auto | <source-intf_ip>}

execute ping-options timeout <seconds>

execute ping-options tos <service_type>

execute ping-options ttl <hops>

execute ping-options validate-reply {yes | no}

execute ping-options view-settings

execute ping-options use-sdwan <yes | no>

execute ping-options reset

 

Keyword Description Default

 
  • adaptive-ping <enable|disable>: FortiGate sends the next packet as soon as the last response is received.
  • data-size <bytes>: Specify the datagram size in bytes.
  • df-bit {yes | no}: Set df-bit to yes to prevent the ICMP packet from being fragmented. Set df-bit to no to allow the ICMP packet to be fragmented.
  • pattern <2-byte_hex>: Used to fill in the optional data buffer at the end of the ICMP packet. The size of the buffer is specified using the data_size parameter. This allows for sending out packets of different sizes to test the effect of packet size on the connection.
  • interval: time between each ping.
  • interface: Outgoing interface. If no source-ip address is specified, the primary IP address of the interface is selected.
  • repeat-count <repeats>: Specify how many times to repeat the ping attempt.
  • Source {auto | <source-intf_ip>}: Specify the FortiGate interface from which to send the ping.

If auto is specified, the FortiGate selects the source address and interface based on the route to the <host-name_str> or <host_ip>.

Specifying the IP address of a FortiGate interface is used to test connections to different network segments from the specified interface.

  • timeout <seconds>: Specify, in seconds, how long to wait until the ping times out.
  • tos <service_type>: Set the ToS (Type of Service) field in the packet header to provide an indication of the quality of service wanted.
  • lowdelay: Minimize the delay.
  • throughput: Maximize throughput.
  • reliability: Maximize reliability.
  • lowcost: Minimize cost.
  • ttl <hops>: Specify the time to live. Time to live is the number of hops the ping packet should be allowed to make before being discarded or returned.
  • validate-reply {yes | no}: Select 'yes' to validate reply data.
  • view-settings: Display the current ping-option settings.
  • use-sdwan <yes | no>: If set to 'yes', the ping will follow SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule that is based on a specific source address.
  • reset: Reset ping options to default values.

Note: Ping can also be used for name resolution. To test name resolution, ping with the domain name as the destination. The following command output confirms the name resolution was successful:

       

exec ping google.com

PING google.com (142.250.179.78): 56 data bytes