Allow ping
I have a TZ-300 and my ISP is asking me to allow their IP to ping my equipment (for availability monitoring).
I've found a checkbox at X1 interface to allow Ping. It worked. I noticed the device created an Access Rule and that I can change this rule so that "Source" can be a specified IP.
But my ISP asked for clearance for two IPs.
Therefore I've tried to create Address Objects and Access Rules to recreate the above-mentioned rule, at the same priority, with no success. The log shows "err1: policy not found for packet on Zones(WAN -> WAN)".
See below both rules: #2 is the one created by the device, #3 is the one I've created. Rule #3 is not being hit if I remove "Ping" from interface X1.
What should I do to allow two IPs?
Answers
Thanks, this solved my issue.
I still don't know why two rules didn't work; I guess something else changes when the user selects "Ping" for the WAN interface. Can you please clarify?
@fre my best guess would be that you did not enable "Allow Management traffic" in the 2nd rule, which is necessary if you need to talk to the Firewall. Altering the default Access Rule is a common way to limit access.
--Michael@BWC