Fortinet 631 FortiWeb 5.0 Patch 6 Administration Guide
For example, you might use ping to determine that 172.16.1.10 is reachable:
execute ping 172.16.1.10
PING 172.16.1.10 (172.16.1.10): 56 data bytes
64 bytes from 172.16.1.10: icmp_seq=0 ttl=64 time=2.4 ms
64 bytes from 172.16.1.10: icmp_seq=1 ttl=64 time=1.4 ms
64 bytes from 172.16.1.10: icmp_seq=2 ttl=64 time=1.4 ms
64 bytes from 172.16.1.10: icmp_seq=3 ttl=64 time=0.8 ms
64 bytes from 172.16.1.10: icmp_seq=4 ttl=64 time=1.4 ms
--- 172.20.120.167 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.8/1.4/2.4 ms
or that 192.168.1.10 is not reachable:
execute ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
Timeout ...
Timeout ...
Timeout ...
Timeout ...
Timeout ...
--- 192.168.1.10 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
If the host is not reachable, you can use traceroute to determine the router hop or host at
which the connection fails:
execute traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 32 hops max, 72 byte
packets
1 192.168.1.2 2 ms 0 ms 1 ms
2 * * *
For more information on CLI commands, see the FortiWeb CLI Reference. For more information
on troubleshooting connectivity, see “Connectivity issues” on page 641.
Log messagesLog messages often contain clues that can aid you in determining the cause of a problem.
FortiWeb appliances can record log messages when errors occur that cause failures, upon
significant changes, and upon processing events.
Depending on the type, log messages may appear in either the event, attack, or traffic logs. The
FortiWeb appliance must be enabled to record event, attack, and traffic log messages;
otherwise, you cannot analyze the log messages for events of that type. To enable logging of
different types of events, select Log&Report > Log Config > Other Log Settings.
Both ping and traceroute require that network nodes respond to ICMP. If you have disabled
responses to ICMP on your network, hosts may appear to be unreachable to ping and
traceroute, even if connections using other protocols can succeed.