We have configured one Destination NAT policy. My requirement is to ping the NAT IP (public IP) from the external network.
I have configured one security policy with application as 'ping' and service as 'any'.
With the above configuration, I am able to ping the public IP from the external network. But I want to allow a specific service for the ping application.
Note: If I configure the service as "any" or "application-default", I am able to ping from the external network. If I specify a particular service, I am not able to ping from the external network.
My question is: which service do I need to allow for only the ping application?
If you need any further information, please let me know.
I had already configured it as application-default and I was able to ping from the external network.
But the issue is that we are receiving a lot of unwanted port hits on the server. Due to this, the server load becomes high. That is why we want to specify particular ports in the service.
I want to block the unwanted port hits at the firewall itself so that they do not reach the server.
Could you advise me?
It seems you are on a public IP range on both your WAN and your DMZ. Then, if you just want to allow ping, you should only have a security rule like:
from zone: WAN1-TATA
To zone DMZ-1
To IP 220.127.116.11
Service: Application default
Your Internet-DMZServers rule should be TOO LARGE :-)
Incomplete means the SYN arrives at your server and your server never answers.
You have to know that before being able to identify a complete app, your firewall needs to first allow the session's first packets.
That means allowing SYN / SYN-ACK / ACK + the first packet.
At the beginning, session identification is based on the 5-tuple (source zone, source IP subnet, destination zone, destination IP subnet, destination port). That means, based on these criteria, the session matches the first security rule which allows these packets.
If your rule is on top, it can explain the strange traffic in your log.
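The first-packet lookup described in the reply above, as a simplified Python model added here for illustration (it is not PAN-OS code and not from either poster). The zones and address are the ones in the thread; the rule name `Allow-Ping`, the port numbers and the contents of `APP_DEFAULTS` are assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for the firewall's application database: the default
# protocol/port of each application this example uses (assumption).
APP_DEFAULTS = {"ping": {("icmp", None)}}

@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    dst_ip: str        # "any" or one address
    application: str   # application name, or "any"
    service: object    # "any", "application-default" or a set of (proto, port)

    def allowed_services(self):
        # application-default needs a named application in this model
        if self.service == "application-default":
            return APP_DEFAULTS[self.application]
        return self.service

def first_packet_match(rules, pkt):
    """Top-down, first-match lookup for a session's first packet. The
    application is not known yet, so only zones, address and service count."""
    for rule in rules:
        if (rule.from_zone, rule.to_zone) != (pkt["from"], pkt["to"]):
            continue
        if rule.dst_ip not in ("any", pkt["dst"]):
            continue
        services = rule.allowed_services()
        if services != "any" and (pkt["proto"], pkt["port"]) not in services:
            continue
        return rule.name
    return "no-match (dropped)"

def ping_rule(service):
    # Hypothetical rule name; zones and address are the ones in the thread.
    return Rule("Allow-Ping", "WAN1-TATA", "DMZ-1", "220.127.116.11", "ping", service)

# Constructed first packets arriving from the external zone.
ECHO = {"from": "WAN1-TATA", "to": "DMZ-1", "dst": "220.127.116.11", "proto": "icmp", "port": None}
SYN = {"from": "WAN1-TATA", "to": "DMZ-1", "dst": "220.127.116.11", "proto": "tcp", "port": 8080}

if __name__ == "__main__":
    for service in ("any", "application-default", {("tcp", 80)}):
        rules = [ping_rule(service)]
        print(service, "| echo ->", first_packet_match(rules, ECHO),
              "| syn ->", first_packet_match(rules, SYN))
```

In this model, service `any` lets the TCP SYN match `Allow-Ping` on its first packet, `application-default` matches only the ICMP echo, and a TCP service object stops the echo itself from matching.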