Sourcing a ping from a specific interface and address on a Fortigate
The Fortigate ping function doesn’t allow you to specify a source interface, which is sort of annoying.
So instead, you have to source it from a specific address and hope that the Fortigate figures out which interface that address has. I guess this is sort of okay, but it just doesn’t give you as much control as you might want.
    execute ping-options view
    Ping Options:
        Repeat Count: 5
        Data Size: 56
        Timeout: 2
        Interval: 1
        TTL: 64
        TOS: 0
        DF bit: unset
        Source Address: auto
        Pattern:
        Pattern Size in Bytes: 0
        Validate Reply: no
Sending a ping out of the IP of an interface, where 18.104.22.168 is the interface bound address:
    execute ping-options source 22.214.171.124
    exec ping 126.96.36.199
The Fortigate will drop all packets from any source address except ICMP sourced from the address set as the monitor address in the ECMP routing or in other ICMP monitors (such as part of a load balancer test).
But, you can monitor return packets easily:
    diag debug enable
    diag debug console timestamp enable
    diag sniffer packet wan2 'host 188.8.131.52' 1
Where ‘wan2’ is the wan interface we want to send traffic out of, where 184.108.40.206 (our ‘exec ping-options source’ address) is bound.
    diag debug dis
    diag debug reset
    # ping-options will reset to default when your tty session ends
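To check a saved sniffer capture for pings that never got a reply, the following Python sketch (an added example, not part of the original post) counts echo requests and replies between the pinned source address and the target. The line format, the banner lines and the 198.51.100.10 / 203.0.113.1 addresses are assumptions constructed for illustration.

```python
import re

# Assumed shape of a verbosity-1 sniffer line (not taken from the original post):
#   <seconds> <src> -> <dst>: icmp: echo request|reply
LINE = re.compile(
    r"^\d+\.\d+\s+(?P<src>\S+)\s+->\s+(?P<dst>[^\s:]+):"
    r"\s+icmp:\s+echo\s+(?P<kind>request|reply)\s*$"
)

# Constructed sample capture; addresses are documentation ranges, not real hosts.
SAMPLE = """\
interfaces=[wan2]
filters=[host 198.51.100.10]
0.512300 198.51.100.10 -> 203.0.113.1: icmp: echo request
0.531900 203.0.113.1 -> 198.51.100.10: icmp: echo reply
1.512800 198.51.100.10 -> 203.0.113.1: icmp: echo request
2.513100 198.51.100.10 -> 203.0.113.1: icmp: echo request
2.533000 203.0.113.1 -> 198.51.100.10: icmp: echo reply
"""


def summarize(capture, source, target):
    """Count echo requests source->target and the replies that came back.

    Verbosity 1 shows no ICMP id/seq, so replies are matched to outstanding
    requests by order only; the counts are exact, the pairing is not.
    """
    pending = answered = stray = 0
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # banner lines, blanks, non-ICMP traffic
        flow = (m["src"], m["dst"])
        if m["kind"] == "request" and flow == (source, target):
            pending += 1
        elif m["kind"] == "reply" and flow == (target, source):
            if pending:
                pending -= 1
                answered += 1
            else:
                stray += 1  # reply with no request seen on this interface
    return {"sent": answered + pending, "answered": answered,
            "unanswered": pending, "stray": stray}


if __name__ == "__main__":
    print(summarize(SAMPLE, "198.51.100.10", "203.0.113.1"))
```

A non-zero "unanswered" count means requests left the interface from the pinned source but no reply was seen coming back on it.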