SonicWall TZ270
Lala
Newbie ✭
Hello Community,
I have an odd question regarding the TZ270 Firewall. We are building a small scale enterprise system for class and when we are accessing the AP wirelessly and trying to ping the Inner and Outer IP addresses for the firewall, we are unable to do so.
We have tried setting numerous rules as well as going into the internal settings to see if it was a NAT issue, but nothing has worked so far.
Does anyone have any suggestions?
TYIA :)
Category: Mid Range Firewalls
0
Answers
@Lala I'am not sure if I understand the situation here correctly, but whenever you want to ping the firewall you have to enable Ping in the interface settings.
If you're trying to ping the firewall not from within the same subnet you need an additional Access Rule, but you have to make sure to enable the "Enable Management" checkbox, otherwise it'll not work.
—Michael@BWC
Hello Lala,
When attempting to ping an interface, please ensure that you have ping enabled on that interface, as well as the appropriate access rules to accommodate the pings, if the traffic is coming from a separate subnet.
Although enabling ping on the interface generally creates the default rule, if you are having issues with specific zone > zone traffic, you can create a rule destined for the Interface IP, with the destination service of Ping.
You can check if ping is enabled on the interface by editing the interface settings, (Under Network > System > Interfaces). This will allow the interface to accept pings.
Additionally, best practices do generally involve leaving ping disabled on the WAN. If you would like to leave this enabled, for testing purposes or monitoring, you can lock this down to specific source IPs by editing the WAN > WAN rule for Destination Port Ping. You can view this under Policy > Rules and Policies > Access Rules.
Please also note, if you have IPS low priority attacks set to prevent all, this will also block pings. You can see if this is enabled via Policy > Security Services > Intrusion Prevention. You will also see the IPS block in the logs, as long as your logging level is reporting Alert level logs.