router behind isp can't ping

Hi,
I have replaced my ISP.
Their router was set to bridge. I have connected  my fortigate router to the lan interface of their router.

now I receive the public ip address on the fortigate.  the wan interface obtained the good public ip address and  get the default route automatically.
but when i try to ping Google 8.8.8.8, I obtain a timeout ....
Strange thing ...
If I connect a computer directly behind the isp router, ithe comptuter received the good public ip and I can browse internet.
Can you help on this ..

part on the conf
#config-version=FGT-60-3.00-FW-build754-101027:opmode=0:vdom=0
#conf_file_ver=5918844466376775422
#buildno=0754
config system global
    set hostname "FGT-xxxxxxxxxxxxxxxxx"
    set timezone 04
end
config system accprofile
    edit "prof_admin"
        set admingrp read-write
        set authgrp read-write
        set avgrp read-write
        set fwgrp read-write
        set imp2pgrp read-write
        set ipsgrp read-write
        set loggrp read-write
        set mntgrp read-write
        set netgrp read-write
        set routegrp read-write
        set spamgrp read-write
        set sysgrp read-write
        set updategrp read-write
        set vpngrp read-write
        set webgrp read-write
    next
end
config system interface
 edit "internal"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping https http
        set type physical
    next
    edit "dmz"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping https
        set type physical
    next
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set type physical
        set defaultgw enable
    next
    edit "wan2"
        set vdom "root"
        set ip 192.168.101.99 255.255.255.0
        set allowaccess ping
        set type physical
    next
    edit "modem"
        set vdom "root"
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
    next

Open in new window



Thanks,
wahrani16Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chretien TALOMSystem Engineer MessagingCommented:
Hey,

Since you own rooter is getting the right IP and manage the connection, you should use his onw IP as gateway and not the Ip for the first router.

When yo send a ping your router will get the request and forward it to ISP's router.

Thank you
Regards
0
wahrani16Author Commented:
Sorry,
 I think My explanations are not good, here is a schema
When I remove the fortigate and put a pc in place, I obtain the public ip adress and i can browse. I think it's a fortigate configuration issue ...
Thank you
 schema
0
wahrani16Author Commented:
the policy on the fortigate is : allow lan to wan1 accept
ping from the fortigate to ip : 8.8.8.8 or another timed out ...
0
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

AkinsdNetwork AdministratorCommented:
Is NAT configured on your router?

Also, be aware though that inability to Ping does not confirm connection break. Icmp traffic may just be blocked.

You can try resetting your router
0
wahrani16Author Commented:
Thank you,
NAT is configured, icmp is allowed. 8.8.8.8 is a pingable address. I have resetted the fortigate and it's the same thing :(
0
wahrani16Author Commented:
Hi thanks,
But the firewall is in NAT mode and not transparent.
I want the firewall stay in NAT mode.
0
wahrani16Author Commented:
I have resetted the firewall to default factory.
Reconfigured it.
The issue is the same.
from the pc on the internal interface of the fortigate I can ping 192.168.1.1 wich is the internal interface, also I can ping the fortigate wan adresse. (obtained by isp dhcp)
If I try to ping the wan address from internet, the wan doesn't respond. ..
Strange problem ....
0
wahrani16Author Commented:
I have installed this kind off firewall on 5 customers. No problem ...

Thank you
0
AkinsdNetwork AdministratorCommented:
Try a different router.

It's either the ISP refuses to form neigbor association with your router or the router has issues

I think the problem is on the fortigate. That's why I sent you the first link to their website that showed up in google search.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wahrani16Author Commented:
I have replaced the firewall
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.