Turn ON Respond to ICMP (PING) USG FLEX 700

ivessm
ivessm Posts: 45  Freshman Member
First Anniversary 10 Comments
edited April 2021 in Nebula
So I searched and can't find any mention of enabling a USG FLEX under Nebula (Fully patched as of today) respond to a PING on the WAN ports.

Curious if anyone has a compass so I can find my way on this. <joke> 

Thanks.

-stew

All Replies

  • Zyxel_Jonas
    Zyxel_Jonas Posts: 313  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @ivessm,

    You may achieve the goal by configuring a firewall rule setting allowing ICMP packet to device.
    Path: USG FLEX > Configure > Firewall
    Specify a source IP and destination to "Device".

    Jonas,
    Jonas,
  • ivessm
    ivessm Posts: 45  Freshman Member
    First Anniversary 10 Comments
    Jonas - Thanks for your reply. 

    Yes, I am familiar with adding the PING to a firewall with the USG series of routers by modifying WAN_to_Device and adding the PING Default_Allow_WAN_to_ZyWALL group. 

    But I'm now trying to add the same thing to a USG FLEX 700 router through Nebula and I just can't figure out what to put in the blocks. 

    I'm under USG FLEX > Configure > Firewall and clicked Add under Security Policy here are the fields and my guess at what to put in them:
    Name: PreFilled: SF_ rest is free text for my name
    Action: Allow
    Application Patrol / Content Filtering Policy (PRO): As this is a PRO feature I suspect I could leave this BLANK
    Protocol: Any
    Source: Any
    Destination: Any
    Dst Port: Any
    Schedule: Always
    Description: Free text field

    This does not work and there was no Default settings like there is with the earlier USG series routers.

    I have not been able to find a good document covering Nebula and the field descriptions and entries for this USG FLEX 700.

    Thanks again for any input.

    -stew

  • ivessm
    ivessm Posts: 45  Freshman Member
    First Anniversary 10 Comments
    I did get a reply fm ZyXEL TS. Here it is:

    I'm under USG FLEX > Configure > Firewall > Security Policy here are the fields to fill in for ICMP protocol on the WAN ports
    Name: PreFilled w SF_: SF_ICMP
    Action: Allow
    Application Patrol / Content Filtering Policy (PRO): As this is a PRO feature I suspect I could leave this BLANK Yes, BLANK
    Protocol: ICMP
    Source: Any
    Destination: Device
    Dst Port: Any
    Schedule: Always
    Description: Free text field

    That turned on PING response on both WAN ports. It is recommended that you narrow down the Source from Any to specific IP addresses so you don't respond to any source that pings your IP.

    I'm still looking for where this is all documented. I would rather read about it and try and learn it than contacting TS.

    Hope this helps someone.

    -stew
     

Nebula Tips & Tricks