![]() Cabling to ensure no loose connections.Possible ECMP, split horizon, or network loops.If there is some packet loss detected, you should investigate the following: By default, FortiGate units have ping enabled while broadcast-forward is disabled on the external interface.īeyond the basic connectivity information, ping can tell you the amount of packet loss (if any), how long it takes the packet to make the round trip, and the variation in that time from packet to packet. However, many public networks block ICMP packets because ping can be used in a denial of service (DoS) attack (such as Ping of Death or a smurf attack), or by an attacker to find active locations on the network. Ping sends Internet Control Message Protocol (ICMP) “echo request” packets to the destination, and listens for “echo response” packets in reply. Ping is part of Layer-3 on the OSI Networking Model. ![]() The behavior of ping is very much like a sonar ping from a submarine, where the command gets its name. The response has a timer that may expire, indicating the destination is unreachable. The ping command sends a very small packet to the destination, and waits for a response. Since you typically use these tools to troubleshoot, you can allow them in the security policies and on interfaces only when you need them, and otherwise keep the ports disabled for added security. If ping does not work, you likely have it disabled on at least one of the interface set- tings, and security policies for that interface.īoth ping and traceroute require particular ports to be open on firewalls, or else they cannot function. This is an added troubleshooting feature that can be useful in determining why particular services, such as email or web browsing, may not be working properly. While both tools can use IP addresses alone, they can also use domain names for devices. In addition to their normal uses, ping and traceroute can tell you if your computer or network device has access to a domain name server (DNS). This combination can be very powerful when locating network problems. However, ping can be used to generate simple network traffic to view with diagnose commands on the FortiGate unit. Alone, either one can determine network connectivity between two points. Ping and traceroute are useful tools in network troubleshooting.
0 Comments
Leave a Reply. |