Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Ping Restriction to my Public IP

I have a block of public IPs. xx.xx.xx.01 - xx.xx.xx.04. xx.xx.xx.01 is my WAN interface for the Sonicwall. xx.xx.xx.02 included in subnet on WAN interface. I need to be able to ping a device that has the correct Public ip/private IP nat policies applied. example public IP xx.xx.xx.02 is nat'd to

When enabling ping on Wan interface, it auto generates rule to allow ping. I have edited the ping to only allow pings from certain public IPs, but the problem "all management X1"IP does not include my .02 address even though it is part of the subnet configured on the WAN interface. and I cannot change the rule from "all management X1 IP". How do I edit the system generated rule, or create my own rule & nat policy to make this work?

Category: Firewall Security Services


  • Options

    Hello @Kerby,

    Welcome to SonicWall community.

    If xx.xx.xx.02 is nat'd to and the service 'Ping' is also allowed, then you can create a separate access rule as below to restrict the ping traffic from those specific source addresses.

    Source: Block of IPs to be allowed

    Destination: xx.xx.xx.02

    Service: Ping

    Action: Allow

    You can have a separate rule to allow other services necessary from all source addresses if necessary. You would need to add Ping service in the existing NAT policy.

    I hope that helps.


    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Options

    Hi @KERBY,

    Thank you for your reaching us on SonicWall Community.

    As per your post, it sounds to me like you are indeed trying to pass ping traffic to a local IP from external network or Internet using one of the WAN subnets usable IP address XX.XX.XX.02. If I'm right, there is no need for you to enable PING management on WAN interface of the SonicWall. An Inbound NAT policy to allow service PING and an WAN to present Zone should do the trick.

    The NAT policy should look as below,

    Original Source: Any

    Translated Source: Original

    Original Destination: Choose Public IP | XX.XX.XX.2

    Translated Destination: Choose Private IP |

    Original Service: PING

    Translated Service: Original

    Inbound Interface: X1

    Outbound Interface: Any

    Comment: Enter a short description

    Enable NAT Policy: Checked

    The access rule (ensure choosing WAN to present zone) should resemble as below,

    Action: Allow

    Service: PING

    Source: Any

    Destination: Choose Public IP | XX.XX.XX.2

    Users Allowed: All

    Schedule: Always on

    Logging: checked

    Comment: (enter a short description)

    Hope this helps!!!


    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.