Hi there,
my clients can PING every host on local net but not on the internet. When I try to ping google.com, I don't get a reply.
All ICMP rules are set, even with an any/any rule it did not work. Sophos itself can PING any host, but now my clients.
Hi Kevin,
Greeting.
On the Network Protection > Firewall > ICMP tab you can configure the settings for the Internet Control Message Protocol (ICMP). Allowing any ICMP traffic on this tab will override ICMP settings being made in the firewall.
Global ICMP Settings
The following global ICMP options are available:
Allow ICMP on Gateway: This option enables the gateway to respond to ICMP packets of any kind.
Allow ICMP through Gateway: This option enables forwarding of ICMP packets through the gateway if the packets originate from an internal network, i.e., a network without default gateway.
Allow ICMP through Gateway from external networks: This option enables forwarding of ICMP packets through the gateway from an external network, i.e., the Internet.
Log ICMP redirects: ICMP redirects are sent from one router to another to find a better route for a packet's destination. Routers then change their routing tables and forward the packet to the same destination via the supposedly better route. If you select this option, all ICMP redirects received by the gateway will be logged in the firewall log.
Note – If enabled, the ICMP settings apply to all ICMP packets, including ping and traceroute—if sent via ICMP—, even if the corresponding ping and traceroute settings are disabled.
Ping Settings
The program ping is a computer network tool used to test whether a particular host is reachable across an IP network. Ping works by sending ICMP echo request packets to the target host and listening for ICMP echo response replies. Using interval timing and response rate, ping estimates the round-trip time and packet loss rate between hosts.
The following ping options are available:
Gateway is ping visible: The gateway responds to ICMP echo request packets. This feature is enabled by default. Ping from gateway: You can use the ping command on the gateway. This feature is enabled by default. Gateway forwards pings: The gateway forwards ICMP echo request and echo response packets originating from an internal network, i.e., a network without default gateway.
Hope this helps:)
Thanks
Sachin Gurung
Hi Kevin,
Greeting.
On the Network Protection > Firewall > ICMP tab you can configure the settings for the Internet Control Message Protocol (ICMP). Allowing any ICMP traffic on this tab will override ICMP settings being made in the firewall.
Global ICMP Settings
The following global ICMP options are available:
Allow ICMP on Gateway: This option enables the gateway to respond to ICMP packets of any kind.
Allow ICMP through Gateway: This option enables forwarding of ICMP packets through the gateway if the packets originate from an internal network, i.e., a network without default gateway.
Allow ICMP through Gateway from external networks: This option enables forwarding of ICMP packets through the gateway from an external network, i.e., the Internet.
Log ICMP redirects: ICMP redirects are sent from one router to another to find a better route for a packet's destination. Routers then change their routing tables and forward the packet to the same destination via the supposedly better route. If you select this option, all ICMP redirects received by the gateway will be logged in the firewall log.
Note – If enabled, the ICMP settings apply to all ICMP packets, including ping and traceroute—if sent via ICMP—, even if the corresponding ping and traceroute settings are disabled.
Ping Settings
The program ping is a computer network tool used to test whether a particular host is reachable across an IP network. Ping works by sending ICMP echo request packets to the target host and listening for ICMP echo response replies. Using interval timing and response rate, ping estimates the round-trip time and packet loss rate between hosts.
The following ping options are available:
Gateway is ping visible: The gateway responds to ICMP echo request packets. This feature is enabled by default. Ping from gateway: You can use the ping command on the gateway. This feature is enabled by default. Gateway forwards pings: The gateway forwards ICMP echo request and echo response packets originating from an internal network, i.e., a network without default gateway.
Hope this helps:)
Thanks
Sachin Gurung
