Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Echo replies

I've recently upgraded our firewall to a TZ470. I'm noticing a large # (5000+) echo replies under Dashboard-System-Threats. This is over a couple of weeks time. This seems like a lot. Is there a way to prevent these or is this more something to disregard...they are listed as Risk Level high so I'm guessing disregarding them is probably asking for trouble down the road

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    SaravananSaravanan Moderator
    Answer ✓

    Hi @ARONS,

    Thank you for visiting SonicWall Community.

    As per SonicWall's IPS (Intrusion Prevention System) settings, Pings are considered to be a low priority attacks and IPS offers a way to block or allow pings passing through the firewall.

    If you know that there are legitimate pings passing via the SonicWall, then its OK to have the pings allowed or if there are no such happenings, kindly enable the ICMP block in Low Priority attack for IPS. Enabling ICMP block may affect ping tests during a troubleshooting session that involves ping; you have to check the GUI logs and turn off the ICMP during that time.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Answers

  • AronSAronS Newbie ✭

    thanks I will set ICMP block for low priority attacks in IPS as advised, i had it set to just detect

  • SaravananSaravanan Moderator

    Sure thing @ARONS.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • AronSAronS Newbie ✭

    I checked our FW this AM, there were about 353 echo replies yesterday, after I blocked low priority attacks in IPS.

    Also, just checking, echo replies are listed as high risk level....


  • SaravananSaravanan Moderator

    Hey @ARONS,

    The echo replies are treated to be high risk because firewall tends to allow access for ping. Any access allowed by the firewall is going to treated as high risk. Hence we diligently allow the accesses that are must for our requirement by creating specific rules. Security Service IPS by default has built-in signatures and it categorizes all signatures into certain levels as HIGH, MEDIUM and LOW. The ICMP (Ping) falls into Low Priority Category. This sort of marking is there on the SonicWall to provide security. Whether IPS blocks/allows ping or any other service traffic, it would still log those activities and present as a report. IMO, no need to get concerned about the ping traffics being marked as high risk as this is expected.

    Let me know for any questions.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • AronSAronS Newbie ✭

    thank you

  • SaravananSaravanan Moderator

    You are most welcome @AronS. I'm happy that I could help you!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.