03-21-2018 10:20 AM
Hi,
I am trying to test ping from zone A to zone B using 2 hosts IPs which belong to their respective zones.
What is the correct way to specifically test application ping?
fw1(active)> test security-policy-match application ping from zone_1 to zone_2 source 192.168.1.1 destination 192.168.2.1
Server error : argument protocol is required
Ping does not use TCP or UDP. It uses ICMP. To be more precise, ICMP type 8 (echo message) and type 0 (echo reply message) are used. ICMP does not have ports.
Is it possible to test the above using the CLI prior to deploying a firewall to test ping between hosts?
Thanks.
03-21-2018 10:35 AM
You need to specify the protocol for ICMP, which is 1. That works well for me:
> test security-policy-match application ping from Trust to Internet source 192.168.1.1 destination 192.168.2.1 protocol 1

"Default Outbound; index: 5" {
        from Trust;
        source any;
        source-region none;
        to Internet;
        destination any;
        destination-region none;
        user any;
        category any;
        application/service any/any/any/any;
        action allow;
        icmp-unreachable: no
        terminal yes;
}
The full list of protocols assigned by IANA is here, in case you want to test others (TCP is 6, UDP is 17 for example):
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
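For checking several flows before deployment, the command and its output can be handled by a small script. This is an added example, not part of the original posts and not vendor code: the function names are hypothetical, the sample output is the rule block from the reply above, and the parser assumes single-valued fields as shown there.

```python
import re

# IP protocol numbers named in the reply above (IANA registry).
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}

# A rule block looks like: "<name>; index: <n>" { key value; key value; ... }
RULE = re.compile(r'"(?P<name>.*?); index: (?P<index>\d+)"\s*\{(?P<body>.*?)\}', re.S)
# Fields are "key value;" pairs; icmp-unreachable uses "key: value" with no semicolon.
FIELD = re.compile(r'(?P<key>[\w/-]+):?\s+(?P<value>[^\s;]+)')

# Rule block copied from the reply above (assumption: fields are single-valued).
SAMPLE_OUTPUT = (
    '"Default Outbound; index: 5" { from Trust; source any; source-region none; '
    'to Internet; destination any; destination-region none; user any; category any; '
    'application/service any/any/any/any; action allow; icmp-unreachable: no '
    'terminal yes; }'
)


def build_command(app, src_zone, dst_zone, src_ip, dst_ip, protocol):
    """Build the test command; the protocol number is always included."""
    return (f"test security-policy-match application {app} "
            f"from {src_zone} to {dst_zone} source {src_ip} "
            f"destination {dst_ip} protocol {PROTOCOLS[protocol]}")


def parse_match(output):
    """Parse the first rule block in the output; None if no block is present."""
    m = RULE.search(output)
    if m is None:
        return None
    rule = {"name": m["name"], "index": int(m["index"])}
    for field in FIELD.finditer(m["body"]):
        rule[field["key"]] = field["value"]
    return rule


def check(output, expected_action):
    """Compare the matched rule's action with the expected one."""
    rule = parse_match(output)
    if rule is None:
        return False, "no rule block in output"
    action = rule.get("action")
    return action == expected_action, f'{rule["name"]} (index {rule["index"]}): action {action}'


if __name__ == "__main__":
    print(build_command("ping", "Trust", "Internet", "192.168.1.1", "192.168.2.1", "icmp"))
    print(check(SAMPLE_OUTPUT, "allow"))
```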