This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ping over bridge

Hello everybody,
On an UTM120 v9.004-33 I've configured 2 ethenet port in bridge mode; the ruleset in the firewall configuration is very simple and it works (example RDP, mail, web).
In the "ICMP" tab under "Network protection""Firewall" I checked every flag except the "Log ICMP redirect", but the ping doesn't work from one side to the other of the bridge [:S] .

Btw I need that ping works, because there are some video application that require it.

Any ideas ???

Thanks in advance

Luigi

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

Hi, Luigi,

I don't know why, but there apparently is a change, and you will need to add a Firewall rule to allow the traffic. Any luck with that?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 luigi.crevatin over 12 years ago in reply to BAlfson

Hi Bob,
thanks for your post, but I'm sorry to say that I already tried a lot of FW rules, including something like AnyIp>AnyService>AnyIp.
Obviously without success; that bridged UTM doesn't want to forward ICMP packets...
Any other suggestion?

Luigi
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 12 years ago

Hi, you'll need to use an ICMP definition in your firewall rules.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 tonyb over 12 years ago

I've just upgraded from 8 to UTM9 and have the same problem as Luigi. An ASG320 with all ports bridged. On Network Protection/ICMP, all tick boxes are ticked. Packet Filter Rule 1 states any-ICMP-Any-Allow but pings are not passing through the firewall. This worked on release 8, but not now.

The ICMP service definitions now have a Type/Code which they didn't have in release 8. I've tried adding these into the rules but still no joy.

If i look at the log, the connections do appear, but in red so they're clearly being blocked but i don't know why.

Can anyone help?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Tony, please post a line showing a block from the Firewall log file (not the Live Log).

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 tonyb over 12 years ago

Sample log entry as requested.

ulogd[8603]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="0" initf="br0" outitf="br0" srcmac="0:1b:21:3c:68:89" dstmac="0:1a:8c:17:a4:79" srcip="a.b.c.d" dstip="w.x.y.z" proto="1" length="84" tos="0x00" prec="0x00" ttl="59" type="8" code="0"
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

ICMP T8 C0

Cheers - Bob

Sorry for any short responses! Posted from my iPhone.
Cancel
Vote Up 0 Vote Down

Cancel
0 tonyb over 12 years ago

Morning Bob.

Thanks for your response. I've added a firewall rule that says 'Ping Echo Request' any-any allow. But it still doesn't work. The log entry i've shown says, FWRule="0" so it looks to me as if it's isn't even reaching my ruleset. Do you know how i can change this rule?

Many thanks in advance
Cancel
Vote Up 0 Vote Down

Cancel
0 tonyb over 12 years ago

Just done some searching of this forum and found this https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/40919. If i disable everything from the ICMP tab ping now works!

I think that's a bug as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

I have confirmed this myself and submitted a formal bug report via a support ticket.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel