Ping
The ping command sends a very small packet to the destination, and waits for a response. The response has a timer that may expire, indicating the destination is unreachable. The behavior of ping is very much like a sonar ping from a submarine, where the command gets its name.
Ping is part of Layer-3 on the OSI Networking Model. Ping sends Internet Control Message Protocol (ICMP) “echo request” packets to the destination, and listens for “echo response” packets in reply. However, many public networks block ICMP packets because ping can be used in a denial of service (DoS) attack (such as Ping of Death or a smurf attack), or by an attacker to find active locations on the network. By default, FortiGate units have ping enabled while broadcast-forward is disabled on the external interface.
What ping can tell you
Beyond the basic connectivity information, ping can tell you the amount of packet loss (if any), how long it takes the packet to make the round trip, and the variation in that time from packet to packet.
If there is some packet loss detected, you should investigate the following:
• Possible ECMP, split horizon, or network loops.
• Cabling to ensure no loose connections.
• Verify which security policy was used (use the packet count column on the Policy & Objects > Policy page).
If there is total packet loss, you should investigate the following:
• Hardware — ensure cabling is correct, and all equipment between the two locations is accounted for.
• Addresses and routes — ensure all IP addresses and routing information along the route is configured as expected.
• Firewalls — ensure all firewalls, including FortiGate unit security policies allow PING to pass through.
How to use ping
Ping syntax is the same for nearly every type of system on a network.
To ping from a FortiGate unit
1. Connect to the CLI either through telnet or through the CLI widget on the web-based manager dashboard.
2. Enter exec ping 10.11.101.101 to send 5 ping packets to the destination IP address. There are no options for this command.
Sample output:
Head_Office_620b # exec ping 10.11.101.101
PING 10.11.101.101 (10.11.101.101): 56 data bytes
64 bytes from 10.11.101.101: icmp_seq=0 ttl=255 time=0.3 ms
64 bytes from 10.11.101.101: icmp_seq=1 ttl=255 time=0.2 ms
64 bytes from 10.11.101.101: icmp_seq=2 ttl=255 time=0.2 ms
64 bytes from 10.11.101.101: icmp_seq=3 ttl=255 time=0.2 ms
64 bytes from 10.11.101.101: icmp_seq=4 ttl=255 time=0.2 ms
--- 10.11.101.101 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.3 ms
To ping from an MS Windows PC
1. Open a command window.
• In Windows XP, select Start > Run, enter cmd, and select OK.
• In Windows 7, select the Start icon, enter cmd in the search box, and select cmd.exe from the list.
2. Enter ping 10.11.101.100 to ping the default internal interface of the FortiGate unit with four packets.
Other options include:
• -t to send packets until you press “Control-C”
• -a to resolve addresses to domain names where possible
• -n X to send X ping packets and stop
Sample output:
C:\>ping 10.11.101.101
Pinging 10.11.101.101 with 32 bytes of data:
Reply from 10.11.101.101: bytes=32 time=10ms TTL=255
Reply from 10.11.101.101: bytes=32 time<1ms TTL=255
Reply from 10.11.101.101: bytes=32 time=1ms TTL=255
Reply from 10.11.101.101: bytes=32 time=1ms TTL=255
Ping statistics for 10.11.101.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 3ms
To ping from a Linux PC
1. Go to a shell prompt.
2. Enter “ping 10.11.101.101”.