After Allowing ICMP, Ping is Still Denied

After Allowing ICMP, Ping is Still Denied

131605
Created On 09/25/18 17:42 PM - Last Modified 05/31/23 19:09 PM


Resolution


Symptoms

After creating a rule to allow ICMP, attempting to ping hosts is still denied.

 

Issue

ICMP type 8 messages (ping) are a unique and commonly-used "application" which uses ICMP, so it is defined as a separate application.

 

Resolution

To allow ping using a security rule, select "ping" as the application type. Allowing ICMP only will not allow ping. The ping application is not dependent on ICMP being allowed to work correctly.

 

Note: Since traceroute uses ping, allowing the ping application will also allow traceroute as well.

 

icmp-ping.jpg

 

owner: gwesson
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIoCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language