Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Allow ping

frefre Newbie ✭
in Entry Level Firewalls

I have a TZ-300 and my ISP is asking me to allow their IP to ping my equipment (for availability monitoring).

I've found a checkbox at X1 interface to allow Ping. It worked. I noticed the device created an Access Rule and that I can change this rule so that "Source" can be a specified IP.

But my ISP asked clearence for two IP.

Therefore I've tried to create Address Objects and Access Rules to recreate the above mentioned rule, at the same priority, with no success. At LOG it shows "err1: policy not found for packet on Zones(WAN -> WAN)".

See below both rules: #2 is the created by the device, #3 is the one I've created. Rule #3 is not being hit if I remove "Ping" from interface X1.

image.png


What should I do to allow two IPs?

Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @fre

    • delete your IP test Rule
    • create two address objects with the IP addresses from your ISP
    • create an address group and insert the two address objects from above
    • alter the ping rule in your WAN-WAN access rules and select the address group as source

    --Michael@BWC

Answers

  • frefre Newbie ✭

    Thanks, this solved my issue.

    I still don't know why two rules didn't work, guess something else changes when user select "Ping" for the WAN interface. Can you please clarify?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @fre my best guess would be, that you did not enabled "Allow Management traffic" in the 2nd rule which is necessary if you need to talk to the Firewall. Altering the default Access Rule is a common way to limit access.

    --Michael@BWC

Sign In or Register to comment.