ICMP gets dropped by DEFAULT DENY ANY ANY

BrianRa
L3 Networker

@mcjyrnn would you try this rule for me.  You should not actually need two rules.  By adding both to the source and destination it allows any of the networks to ping each other.

You can even copy one of the rules and modify it below the two existing.  Please also use just the applications I had.  RDP is something I would not allow both directions on all IPs.  However ICMP, PING, and TraceRoute should not be a problem for testing.

2500.png

(Yes I did paint hack it ; )

 

The reasoning for traceroute, like previously mentioned, is to check to make sure the traffic is symmetrical and not returning a different route (ping often doesn't mind this) or that it isn't trying to go out a different gateway and getting lost in space.

 

Brian

mcjyrnn
L1 Bithead

@brian, yes this is what you have mentioned above. Somehow this is a production firewall. Will have to secure approval on this one. But I really am considering this suggestion. Will let you know once I have feedback.