V4.31 allows incoming ping to interface
So here I was testing, thinking V4.31 fixed an issue I was having with FQDN, only to go on GRC ShieldsUP! and see Ping Reply: RECEIVED (FAILED). Hmmm... I have a test rule at the top which is from OPT to ZyWALL, any for source and destination, service ICMP, deny, and this fails.
Tested on ZyWALL 110
Do you mean that you set a security policy to deny/drop ICMP packets from the Internet to the USG, but the USG still replies to ICMP?
Could you share more information about this test tool and fail behavior?
Yes, the USG still replies to ICMP, and a security policy to deny/drop ICMP packets does not work.
Tested at GRC; if you test any port, it tests ICMP along with it.
I have rolled back to V4.30 and it does not have this issue.
I created a security policy rule from OPT to ZyWALL with service PING; no matter whether the action is deny or reject, it does not reply with an ICMP echo response.
Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.
Can you send me the OPT packet capture (captured during testing) and the device configuration file via private message?
Are you testing with a ZyWALL 110?
So I went from 430AAAA0ITS-2018-01-09-180100142D to V4.31 and it was allowing ping regardless of the firewall rule. Went from V4.31 to V4.30 all is fine. And now went from V4.30 to V4.31 and now it blocks ICMP regardless of a firewall rule to allow it.
So can you test that you can allow ICMP to ping the interface please.
So yes, back to the ZyWALL 110 not allowing ICMP on the OPT port.
Solved: was a change to how ICMP is allowed with a bridge setup doing Real DMZ ICMP that's now allowed down the bridge by a rule from OPT to ZyWALL by not doing a from WAN to DMZ.