WAN Network Scanning tools that use Ping not able to get through Sonicwall
Hello all, having some trouble running ping scans from WAN out to a client's network using a Sonicwall. Sometimes called ICMP, ECHO PING, ping from WAN, etc.
We remotely looked at it, but their end user had no idea where ping could be changed, and our attempts have been unsuccessful so far. We suspect this snippet is accurate, but it's behind some paywall/subscription service. Is this really required to allow 'ping scan'?
I've listed what I think will work, and what I've tried so far below.
Suspected Solution:
---------------------------------------------------------------------------------------------------------------------------
Ping Scan enabling appears to be locked to a service requirement for sonicwall:
-Navigate to the Manage | Rules | App Control Advanced page.
-Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
This section was behind some subscription
---------------------------------------------------------------------------------------------------------------------------
Settings that failed to resolve letting Ping Scans through WAN to a network:
---------------------------------------------------------------------------------------------------------------------------
Firewall Settings > Advanced settings > Access Rule Options
-Enable ICMP Redirect on LAN zone DISABLED
-Source Routed Packets - Drop Source Routed IP Packets Disabled
-Never generate IPv6 ICMP Time-Exceeded packets Disabled
-Never generate IPv6 ICMP destination unreachable packets Disabled
-Never generate IPv6 ICMP redirect packets Disabled
-Never generate IPv6 ICMP parameter problem packets Disabled
-Drop IPv6 Routing Header type 0 packets Disabled
---------------------------------------------------------------------------------------------------------------------------
Please advise if you've been able to find this setting
Answers
If they aren't subscribed to app control, not only will you not be able to get in to edit the app control rules, the app control won't be doing anything [because it's not subscribed]. So if you can't get in, then it's not the cause of your problem.
You could start a packet capture with "dropped packets only" ticked. Use the various filtering options to narrow down to what you're interested in.
The whole point of a firewall is not to allow traffic into your network (your LAN) from an untrusted source (the Internet).
If you are talking about pinging the WAN interface of the Sonicwall, by default the device will drop it unless the Ping option is enabled on the WAN interface.