ping between server is not working
Showing results for 
Search instead for 
Did you mean: 

ping between server is not working

L3 Networker



I have created a rule to allow ping between to and fro from servers below is the scenario


source zone: A, B, C

Source IP: 1 , 2 , 3

Destination zone: A, B, C

Destination IP: 1, 2, 3

Application: Ping

Service: application-default

action: Allow


But the rule is not triggering, the traffic is denied due to dafault deny...

can anyboady tell me the whats the  reason for this?? and how i can resolve it?


Thanks in advance



Accepted Solutions

After adding icmp to application it's started working fine.

Thanks for your all support guys.


View solution in original post


L3 Networker



Reason is that the traffic is not hitting your policy, instead hits your default deny rule.


Community Team Member

As the policy is Top-down, it will match on the rules in order. 

You have created the rule to allow Ping, but the question is where is this rule in the policy?


LIVEcommunity team member
Stay Secure,
Don't forget to Like items!

the rule is on the top of default deny but still it's not working.


Community Team Member

Can you enable logging of your default deny rule (this is not enabled by default).  

Can you confirm the zones / IP's when you check the actual drop log ?




Yes we have enabled it and i can see it the Zones and ips are correct but still it's not working


are you seeing ICMP ping being dropped or UDP?


the AppID application 'ping' is for ICMP echo requests only. if your host is sending out UDP pings, they will not match

Tom Piens
Like my answer? check out my book!

I can see ICMP IP protocol in the logs.


L3 Networker



Just for test add in the policy application field "ping" and "ICMP" apps and try.



L3 Networker

Is the server is located behind the firewall and you are trying to ping from outside ? ( nat and security policy needs to be checked )

If that is not the case then it may also happen the new sessions are getting matched with the old discard sessions.


Most likely as me peers mentioned above either the deny policy is above the allow policy or there the zones and the ips needs to be cross checked once again



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!