This article describes the behavior when trying to ping the internet from any of the local interfaces of the FortiGate.
Scope
FortiGate.
Solution
Trying to test connectivity via the command ‘exec ping-options source ‘ and then, trying to ping the internet will not work (exec ping 8.8.8.8).
Ping from an interface:
Only echo request going, no response:
By default, FortiGate can ping from only the interface on which the WAN connection is directly connected and none of the interfaces. The reason is that the traffic generated from any other interface will be direct and no security profiles will come into play, hence there will be no NATting triggered.
For example, trying to ping from a LAN port to the internet.
LAN port IP: 10.10.10.1 WAN port IP: X.X.X.X <-----On the firewall. Flow: Ping initiated from 10.10.10.1<-----> ISP Gateway Router
Now, the ISP router does not recognize the internal IP as it is expecting traffic from X.X.X.X only. Hence, a drop will happen.