How do I use the output of packet monitor capture to identify which rule or policy is blocking the PING
davenonwork
Newbie ✭
I am unable to ping between the LAN zone and the Backup zone. When I check the policy from the LAN to the Backup zone, I see an Any Any policy. So, PING should not be blocked. Also, policy #27, which is shown in the output of packet monitor capture, does not even match with what is going on. So I would like to know if I am misinterpreting the output of packet monitor capture to find the cause of the PING failure between the LAN and Backup zones. Please advise. Thanks in advance.
Category: Entry Level Firewalls
Best Answer
BWC Cybersecurity Overlord ✭✭✭
On Gen6 the mentioned settings can be found under Manage → Logs & Reporting → Log Settings → Base Setup, you have to hit the "Import Template" toggle.
—Michael@BWC
Answers
Unfortunately the contents of the DROPPED line are not especially useful. It definitely does not tell you what policy it is that causes the traffic to be dropped, despite it being obvious to pretty much anybody that that's exactly the kind of information one would hope to see there.
Also, "Policy" could be any of route policy, NAT policy or access policy, but it is unlikely to be a route policy if it's a connected network, and unlikely to be a NAT policy between two connected private networks. So it is probably an access policy.
In the device/log/settings, import the firewall action; the logs should then show the action against the firewall rules.
I will try this and update the post.
I have a TZ 600 with SonicOS Enhanced 6.5.4.15-116n. This is not the option I see you put in the screenshot or otherwise.
I looked around last night, but I am going by your steps again. Thanks, will update here.
Unfortunately, I was not able to test your suggested fix. But thanks for your advice!
Do you have the Intrusion Prevention System (IPS) turned on and set to block low priority attacks? If so, try de-selecting the prevent all option for low priority attacks. Then retest to see if PINGs work.
I would also create a custom rule to allow ICMP from your LAN to the Backup zone, set its priority manually to be in front of all other LAN to Backup zone rules, and re-test.
There is also this article from SonicWall on troubleshooting this.
https://www.sonicwall.com/support/knowledge-base/how-do-i-resolve-drop-code-packet-dropped-policy-drop/180118173757062