Rejecting PING requests

Rejecting PING requests

The factory default configuration of your FortiGate unit allows the default external interface to respond to ping requests. Depending on the model of your FortiGate unit the actual name of this interface will vary. For the most secure operation, you should change the configuration of the external interface so that it does not respond to ping requests. Not responding to ping requests makes it more difficult for a potential attacker to detect your FortiGate unit from the Internet. One such potential threat are Denial of Service (DoS) attacks.

A FortiGate unit responds to ping requests if ping administrative access is enabled for that interface.

 

To disable ping administrative access – web-based manager

1. Go to System > Network > Interface.

2. Choose the external interface and select Edit.

3. Clear the Ping Administrative Access check box.

4. Select OK.

In the CLI, when setting the allowaccess settings, by selecting the access types and not including the PING option, that option is then not selected. In this example, only HTTPS is selected.

 

To disable ping administrative access – CLI

config system interface edit external

set allowaccess https

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU

4 thoughts on “Rejecting PING requests

  1. i can ping the fortigate from the windows OS from the remote location but when i try to ping the from the cisco router from the remote location i can’t able to ping
    my firewall installed behind the cisco router, when i try to ping locally from the router i can ping.
    Only problem coming with the remote location router.
    Please help

    • Are you performing any NAT on the tunnel? What interface or source IP is the router actually using when performing the ping. Check to make sure those are in proper configuration and test with debugging on to see what it outputs.

      • Thanks for your reply Mike
        Nating is configured only on the router and i have allowed the ping on the fortigate interface.
        i’m using the 192.168.11.1 for the router and 192.168.11.4 for the fortigate. if i need to ping from the router 192.168.11.1 it’s pinging. but when i try from other branches router not able to ping but the remote branches pc’s able to ping 192.168.11.4 fortigate interface. Only problem is coming with the routers.
        I have also checked the trusted host it’s default 0.0.0.0/0
        Please help

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.