In our network we used to be in the same VLAN as our employees' endpoints, and we used the command ping -a x.x.x.x
to resolve the name of the pinged IP.
After we moved our PCs ("admins") to a different zone, we can't use this command anymore; the ping works, but the -a parameter is not returning any names.
Note that we still have full access to the DNS.
I believe this is a firewall matter, and as I read, ping -a uses some layer 2 stuff.
Things are not clear, so how can we get ping -a to return the names in the command output again?
This option works perfectly fine through security zones on my firewall without any issues. If this only started happening after you moved these machines into a new security zone, try enabling logging on your interzone-default rule to ensure you're capturing denied traffic, and see if anything is getting blocked due to not being included in your rulebase.
If it worked via DNS and your DNS traffic is not being blocked, then it should still work. I suspect the name resolution was working via NetBIOS, which uses a broadcast destination address and is most likely not being forwarded across. You can test ping -a from the new zone to verify it still works on the same broadcast domain, and play with nslookup to test DNS.
Hi,
1. Can you check the interface settings and the zone protection configuration? It may be that ping is blocked at the interface level.
2. Can you check the output of tracert and see where it gets dropped? It will give you an idea of the hops between source and destination. You can check all devices if you are sure that the PA configuration is fine.
3. Is ping not working for a specific subnet or for the whole network?
Offhand I don't know how ping -a functions in the background and whether it uses NetBIOS or DNS for the name resolution. The only thing that I can tell you for sure is that I can do it successfully across security zones without any issues. This is the first time that I've actually even heard of ping -a, and it's not extremely useful personally, but it's perfectly functional across L3 security zones without any issue.
I hope anyone can tell me how ping -a works.
Does it work by querying the name "from the DNS", so that I need access to the DNS, which is already provided?
Or is it using the NetBIOS name? How do I enable this app in the security rules?
"By the way, just now I found that ping -a is working to another zone."
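Added example, not part of the thread: a PowerShell check, run from the admin PC in the new zone, that tests the two name-resolution paths discussed above (a DNS PTR lookup and a NetBIOS name query) separately for one endpoint IP. The function name Test-ReverseName and the address 192.0.2.10 are placeholders, and the nbtstat parsing assumes English-language output.

```powershell
# Added diagnostic example; Test-ReverseName is a hypothetical helper name.
function Test-ReverseName {
    param(
        [Parameter(Mandatory)] [string] $IPAddress   # the address you would pass to ping -a
    )

    # Path 1: DNS only. -DnsOnly keeps Resolve-DnsName from falling back to LLMNR/NetBIOS,
    # so a result here means a PTR record exists and the DNS server is reachable.
    $ptr = Resolve-DnsName -Name $IPAddress -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'PTR' } |
        Select-Object -First 1 -ExpandProperty NameHost

    # Path 2: NetBIOS only. nbtstat -A queries the target itself for its name table
    # over the NetBIOS name service (UDP 137), which the firewall must permit between zones.
    $nbLine = nbtstat -A $IPAddress 2>$null |
        Select-String -Pattern '^\s*(\S+)\s+<00>\s+UNIQUE' |
        Select-Object -First 1
    $netbios = if ($nbLine) { $nbLine.Matches[0].Groups[1].Value } else { $null }

    # Summarise which path answered from this zone.
    $finding = if ($ptr) {
        'PTR record found in DNS'
    } elseif ($netbios) {
        'No PTR record; NetBIOS name table reachable'
    } else {
        'No PTR record and no NetBIOS reply from this zone'
    }

    [pscustomobject]@{
        IPAddress   = $IPAddress
        DnsPtr      = $ptr
        NetBiosName = $netbios
        Finding     = $finding
    }
}

# 192.0.2.10 is a documentation placeholder; substitute an employee endpoint address.
Test-ReverseName -IPAddress '192.0.2.10'
```

Running it once from the old VLAN and once from the new zone shows whether the names previously came from NetBIOS rather than from a reverse DNS record; the last finding is the case to compare against the firewall's denied-traffic log.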