How to enable ICMP

Gel
Gel Posts: 12
First Anniversary Friend Collector First Comment
edited May 2022 in Security
How to enable ICMP to ping to IP: 192.141.xx.xx. I have the Flex 200

Accepted Solution

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022 Answer ✓

    For some reason I saw that as 192.168...

    so is this 192.141.108.181 on the WAN of the Flex 200 or do you have a subnet of WAN IP's?

    if its one WAN IP your dealing with to ping Flex 200 you just need a firewall rule from WAN to Zywall for ping


«1

All Replies

  • Fred_77
    Fred_77 Posts: 115  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @Gel

    it is a somewhat vague request.

    However assuming 192.141.xxx.254 is the ip of Lan1 on usg, you need to create a Lan1-to-Zywall security Policy where icmp is allowed.
    But it should already be that way by default.

    even better would be a clarification on how you configured the usg

    Fred
  • Gel
    Gel Posts: 12
    First Anniversary Friend Collector First Comment
    @Fred_77 You almost got the ip right: 192.141.xxx.254 is on LAN2 and the company just wants to ping that ip, but they can't because the firewall is blocking it. I enabled PING in the services option because it was disabled and it still didn't work they still can't ping their equipment.
  • Fred_77
    Fred_77 Posts: 115  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Well, i suppose the client  you are pinging  for usg on is in the same zone/subnet right?
    If so, enabling icmp and ping services in Lan2-to-Zywall should be enought 
    Or is your scenario little more complex?
  • Gel
    Gel Posts: 12
    First Anniversary Friend Collector First Comment
    @Fred_77forgive me, I forgot to say that the client is external, outside my network.
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022

    So you don't want to ping the WAN IP on the Flex 200 you want to ping the device on NAT to 192.141.xx.xx from external IP?

    Going to config > object > service > service group

    add group name ping move ping to it

    go to config > network > NAT

    add Virtual Server with a name

    incoming like wan1

    for external IP click create new object > address name WAN1 set address type to INTERFACE IP and the interface WAN1 then find WAN1 for external IP

    internal IP 192.141.xx.xx

    port mapping type Service-Group

    external service find ping



  • Gel
    Gel Posts: 12
    First Anniversary Friend Collector First Comment
    @PeterUKThe fixed IP of my internet here is 192.141.xx.xx; A NU was placed that receives the fiber optic cable and sends the signal to the Firewall. When they try to ping this IP for monitoring, the firewall blocks it and they get no ping response. They are out of my network. They are external. I've tried everything but I'm not getting to release them so that they have a ping response.
  • Fred_77
    Fred_77 Posts: 115  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    @Gel
    sorry but i've not so clear your scenario: ip 192.141.XX.XX is on LAN2 or is a WAN ip? 
    Maybe you need to configure a bridge interface?
  • Gel
    Gel Posts: 12
    First Anniversary Friend Collector First Comment
    To facilitate the IP they are trying to ping here is this one: 192.141.108.181
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022 Answer ✓

    For some reason I saw that as 192.168...

    so is this 192.141.108.181 on the WAN of the Flex 200 or do you have a subnet of WAN IP's?

    if its one WAN IP your dealing with to ping Flex 200 you just need a firewall rule from WAN to Zywall for ping


  • Gel
    Gel Posts: 12
    First Anniversary Friend Collector First Comment
    @PeterUK That's right for some reason I was wrong when talking about LAN at some point, but it's a WAN. And it's on WAN2. I'm still learning to configure some things. How should I create this rule?

Security Highlight