Ping Restriction to my Public IP

I have a block of public IPs, xx.xx.xx.01 - xx.xx.xx.04. xx.xx.xx.01 is my WAN interface for the SonicWall. xx.xx.xx.02 is included in the subnet on the WAN interface. I need to be able to ping a device that has the correct public IP/private IP NAT policies applied. For example, public IP xx.xx.xx.02 is NAT'd to 192.168.1.50.

When enabling ping on the WAN interface, it auto-generates a rule to allow ping. I have edited the ping to only allow pings from certain public IPs, but the problem is that "all management X1 IP" does not include my .02 address even though it is part of the subnet configured on the WAN interface, and I cannot change the rule from "all management X1 IP". How do I edit the system-generated rule, or create my own rule and NAT policy to make this work?

Category: Firewall Security Services

Answers

  • Hello @Kerby,

    Welcome to SonicWall community.

    If xx.xx.xx.02 is nat'd to 192.168.1.50 and the service 'Ping' is also allowed, then you can create a separate access rule as below to restrict the ping traffic from those specific source addresses.

    Source: Block of IPs to be allowed

    Destination: xx.xx.xx.02

    Service: Ping

    Action: Allow

    You can have a separate rule to allow other services necessary from all source addresses if necessary. You would need to add the Ping service in the existing NAT policy.

    I hope that helps.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Saravanan Moderator

    Hi @KERBY,

    Thank you for reaching us on SonicWall Community.

    As per your post, it sounds to me like you are indeed trying to pass ping traffic to a local IP 192.168.1.50 from an external network or the Internet using one of the WAN subnet's usable IP addresses, XX.XX.XX.02. If I'm right, there is no need for you to enable PING management on the WAN interface of the SonicWall. An Inbound NAT policy to allow service PING and a WAN to 192.168.1.50 present Zone should do the trick.

    The NAT policy should look as below,

    Original Source: Any

    Translated Source: Original

    Original Destination: Choose Public IP | XX.XX.XX.2

    Translated Destination: Choose Private IP | 192.168.1.50

    Original Service: PING

    Translated Service: Original

    Inbound Interface: X1

    Outbound Interface: Any

    Comment: Enter a short description

    Enable NAT Policy: Checked


    The access rule (ensure choosing WAN to 192.168.1.50 present zone) should resemble the following,

    Action: Allow

    Service: PING

    Source: Any

    Destination: Choose Public IP | XX.XX.XX.2

    Users Allowed: All

    Schedule: Always on

    Logging: checked

    Comment: (enter a short description)

    Hope this helps!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
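
The two replies differ in the access rule's Source field (a block of allowed IPs versus Any). The sketch below is an added example, not code from either poster or from SonicWall: it models the inbound NAT policy plus each access rule and shows which ping sources would reach 192.168.1.50. The 203.0.113.2 and 198.51.100.x addresses are constructed stand-ins for the masked values, and first-match with default deny is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins (documentation ranges); the thread masks the real addresses.
PUBLIC_IP = "203.0.113.2"       # plays the role of xx.xx.xx.02
PRIVATE_IP = "192.168.1.50"     # from the thread
ALLOWED_SOURCES = ["198.51.100.8/29", "198.51.100.200/32"]  # hypothetical allowed block

# Inbound NAT policy from the second reply (Original Source: Any, service PING).
NAT_POLICY = {"orig_dst": PUBLIC_IP, "xlat_dst": PRIVATE_IP, "service": "PING"}

@dataclass
class AccessRule:
    sources: list       # CIDR strings, or ["any"]
    destination: str    # matched against the original (public) destination
    service: str
    action: str

    def matches(self, src, dst, service):
        if dst != self.destination or service != self.service:
            return False
        if self.sources == ["any"]:
            return True
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(net) for net in self.sources)

def evaluate(rules, src, dst, service):
    """Return (action, delivered_to). First matching rule wins; traffic that
    matches no rule is denied (assumed default-deny from WAN)."""
    for rule in rules:
        if rule.matches(src, dst, service):
            if rule.action != "allow":
                return ("deny", None)
            if dst == NAT_POLICY["orig_dst"] and service == NAT_POLICY["service"]:
                return ("allow", NAT_POLICY["xlat_dst"])
            return ("allow", None)  # allowed, but no NAT policy translates it
    return ("deny", None)

# First reply: Source restricted to a block. Second reply: Source Any.
RESTRICTED = [AccessRule(ALLOWED_SOURCES, PUBLIC_IP, "PING", "allow")]
OPEN = [AccessRule(["any"], PUBLIC_IP, "PING", "allow")]

def audit(rules, probes):
    """Map each probe source to the action taken for PING to PUBLIC_IP."""
    return {src: evaluate(rules, src, PUBLIC_IP, "PING")[0] for src in probes}

if __name__ == "__main__":
    probes = ["198.51.100.10", "198.51.100.200", "192.0.2.77"]
    print("restricted source:", audit(RESTRICTED, probes))
    print("source any:       ", audit(OPEN, probes))
```

With Source set to Any, the unlisted probe 192.0.2.77 is allowed through to the private host; with the restricted source block it is denied.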
