Question:
When i perform a ping from the CLI console i get the following message : “Could not open outbound connection?” What is the reason for this?
Answer:
There are many of reasons for this, below is a list of both common and uncommon reasons.
- Failed to find a route to the destination IP
- Failed to find a route to the source IP
- The connection table is full (and conn-replace fails)
- Failed to acquire a new ICMP ID or source TCP/UDP port for NAT'ing
- UDP Src Port 0 is specified, but not allowed (by setting)
- Failed to acquire an IP from the NAT pool
- SLB fails to apply the configured policy
- Threshold rules does not allow a new connection at this stage
The first two, “Failed to find a route to dest/src IP” is the most common causes of this message.
Related articles
Using Stateless IP Policies in cOS Core
4 Apr, 2023 core stateless connections
4 Apr, 2023 core stateless connections
LogOpenFails and no_new_conn_for_this_packet log events.
28 Feb, 2025 core connections
28 Feb, 2025 core connections
Behavior of ping simulation towards a ALG policy
6 Feb, 2025 core ping alg
6 Feb, 2025 core ping alg
Allowing Traceroute to and through cOS Core
23 Aug, 2022 core behaviour icmp ping traceroute
23 Aug, 2022 core behaviour icmp ping traceroute
What is a "zombie" connection?
24 Mar, 2021 core connections
24 Mar, 2021 core connections
Troubleshooting cOS Core rules/routes with ping simulation
17 Mar, 2023 core routing rules ping icmp cli
17 Mar, 2023 core routing rules ping icmp cli
Freeing up more memory in the Firewall
23 Aug, 2022 core connections ipsec memory
23 Aug, 2022 core connections ipsec memory