test security-policy-match application ping -> Server error : argument protocol is required


L2 Linker

Hi,

 

I am trying to test ping from zone A to zone B using 2 host IPs which belong to their respective zones.

What is the correct way to specifically test application ping?

 

fw1(active)> test security-policy-match application ping from zone_1 to zone_2 source 192.168.1.1 destination 192.168.2.1
Server error : argument protocol is required

 

Ping does not use TCP or UDP. It uses ICMP. To be more precise, ICMP type 8 (echo message) and type 0 (echo reply message) are used. ICMP does not have ports.

 

Is it possible to test the above using the CLI prior to deploying a firewall to test ping between hosts?

 

Thanks.

 

 


L7 Applicator

You need to specify the protocol for ICMP, which is 1. That works well for me:

> test security-policy-match application ping from Trust to Internet source 192.168.1.1 destination 192.168.2.1 protocol 1

"Default Outbound; index: 5" {
        from Trust;
        source any;
        source-region none;
        to Internet;
        destination any;
        destination-region none;
        user any;
        category any;
        application/service  any/any/any/any;
        action allow;
        icmp-unreachable: no
        terminal yes;
}

The full list of protocols assigned by IANA is here, in case you want to test others (TCP is 6, UDP is 17 for example):

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
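
Added example, not part of the original thread or of any vendor tooling: a pre-deployment check that builds the command with the IANA protocol number always present and parses the rule block the CLI prints, so the matched rule's action can be compared with the intended one. The function names (build_command, parse_match, check) are hypothetical, and the CLI output is assumed to be pasted in from a session rather than fetched.

```python
import re

# IANA protocol numbers named in the reply: ICMP 1, TCP 6, UDP 17.
IANA_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def build_command(app, src_zone, dst_zone, src_ip, dst_ip, proto):
    """Build the CLI line in the argument order used in the reply; protocol is never omitted."""
    return (f"test security-policy-match application {app} "
            f"from {src_zone} to {dst_zone} source {src_ip} "
            f"destination {dst_ip} protocol {IANA_PROTO[proto.lower()]}")

# Matches the rule header and body: "<name>; index: <n>" { ... }
RULE_RE = re.compile(r'"(?P<name>[^"]+?); index: (?P<index>\d+)"\s*\{(?P<body>.*?)\}', re.S)

def parse_match(output):
    """Return the matched rule as a dict, or None when no rule block is present."""
    m = RULE_RE.search(output)
    if m is None:
        return None
    rule = {"name": m.group("name"), "index": int(m.group("index"))}
    for line in m.group("body").splitlines():
        tokens = line.strip().rstrip(";").split(None, 1)
        if tokens:  # "action allow;" -> action=allow, "icmp-unreachable: no" -> icmp-unreachable=no
            rule[tokens[0].rstrip(":")] = tokens[1] if len(tokens) > 1 else ""
    return rule

def check(output, expected_action):
    """Compare the matched rule's action with the action the design calls for."""
    rule = parse_match(output)
    if rule is None:
        return False, "no rule matched: " + output.strip()
    verdict = rule.get("action") == expected_action
    return verdict, f'{rule["name"]} (index {rule["index"]}): action {rule.get("action")}'

# Output copied from the reply above (abridged), and the error from the question.
SAMPLE_OK = '''"Default Outbound; index: 5" {
        from Trust;
        to Internet;
        application/service  any/any/any/any;
        action allow;
        icmp-unreachable: no
        terminal yes;
}'''
SAMPLE_ERR = "Server error : argument protocol is required"

if __name__ == "__main__":
    print(build_command("ping", "Trust", "Internet", "192.168.1.1", "192.168.2.1", "icmp"))
    print(check(SAMPLE_OK, "allow"))
    print(check(SAMPLE_ERR, "allow"))
```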

 
