Ping and ping-options in Fortigate.

Introduction

In this article we will see how to run “ping” command from Fortigate CLI. We will also see how to use ping-options command to specify various parameters for the ping. I will be using FortiOS 6.2.3 for the demo, but the commands apply to other versions too.

Fortigate VM

If you don’t have a Fortigate to practice with, you can read this article, which explains how to create a virtual Fortigate firewall and run it on your PC for free.

Simple “ping”

The “ping” command in its simplest form is going to look like this:

exec ping <ipaddress/hostname>

The example is below:

Using “ping-options”

Aside from sending ping packets with default parameters you also can customize the behavior of ping utility by specifying various parameters.

To override the default values for ping utility use the following command:

exec ping-options <parameter> <value>

The screenshot below shows all available parameters for FortiOS 6.2.3:

To view the default and current parameter values use the following command:

exec ping-options view-settings

As you can see from the output above, the ping utility sends 5 packets, each 56 bytes with timeout of 2 sec, by default. There are also other interesting parameters and we are going to see how to tune them.

Examples of “ping-options” usage

adaptive-ping

By default, the ICMP request packets are sent with interval of 1 second. You can instruct the ping utility to send the next ICMP request packet as soon as it receives the response for previous request, by setting adaptive-ping to enable. Usage:

exec ping-options adaptive-ping <enable|disable>

data-size

To specify the payload size for the ICMP packet, set the following parameter value in bytes:

exec ping-options data-size <bytes>

Below, the ICMP packets have the size of 508 bytes. The reason is we specify only the payload size of 500 bytes, and the packets also have 8 byte ICMP headers, which adds up to 508 bytes.

df-bit

Set df (Don’t Fragment) bit in IP header. df bit in IP header specifies whether the packet can be fragmented or not. It means that the packets larger than MTU value on the interface will be dropped if they have df bit set to yes. Usage:

exec ping-options df-bit <yes | no>

interface

It’s possible to specify the source interface for the outgoing ping packets. By default, it is set to Auto, which means the source interface will be selected based on the routing table. The usage:

exec ping-options interface auto | <interface>

interval

It’s possible to specify the interval in seconds between sending ICMP requests using the following command:

exec ping-options interval <integer>

pattern

Pattern specifies the content of the data buffer/payload of the ICMP request.

By default it’s filled with zeroes:

You can set it using the following command:

exec ping-options pattern <hex-pattern>

After running “exec ping-options pattern cc” the packet content looks like this:

repeat-count

This is pretty straightforward. It specifies the number of ICMP requests to be sent.

exec ping-options repeat-count <integer>

reset

Resets all ping-options parameters to their default values:

exec ping-options reset

source

Specifies the source IP address for the outgoing packets. When using this option, make sure the packet uses the right outbound interface, because in some versions of FortiOS you also need to manually specify the source interface. Usage:

exec ping-options source auto | <source interface IP> 

timeout

Specify timeout in seconds. By default is set to 2. Usage:

exec ping-options timeout <integer>

ttl

Integer value to specify TTL:

exec ping-options ttl <1-255>

Conclusion

Now you know how to tune the ping utility to meet your needs. Hope this has been helpful. Thank you for reading.