ping over bridge

Hello everybody,
On a UTM120 v9.004-33 I've configured 2 Ethernet ports in bridge mode; the ruleset in the firewall configuration is very simple and it works (for example RDP, mail, web).
In the "ICMP" tab under "Network protection" > "Firewall" I checked every flag except the "Log ICMP redirect", but the ping doesn't work from one side of the bridge to the other.

Btw I need ping to work, because there are some video applications that require it.

Any ideas?

Thanks in advance

Luigi


  • Hi, Luigi,

    I don't know why, but there apparently is a change, and you will need to add a Firewall rule to allow the traffic.  Any luck with that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    thanks for your post, but I'm sorry to say that I already tried a lot of FW rules, including something like AnyIp>AnyService>AnyIp.
    Obviously without success; that bridged UTM doesn't want to forward ICMP packets...
    Any other suggestion?

    Luigi
  • Hi, you'll need to use an ICMP definition in your firewall rules.

    Barry
  • I've just upgraded from 8 to UTM9 and have the same problem as Luigi. An ASG320 with all ports bridged.  On Network Protection/ICMP, all tick boxes are ticked. Packet Filter Rule 1 states any-ICMP-Any-Allow but pings are not passing through the firewall. This worked on release 8, but not now.

    The ICMP service definitions now have a Type/Code which they didn't have in release 8. I've tried adding these into the rules but still no joy.

    If I look at the log, the connections do appear, but in red, so they're clearly being blocked, but I don't know why.

    Can anyone help?
  • Tony, please post a line showing a block from the Firewall log file (not the Live Log).

    Cheers - Bob
     
  • Sample log entry as requested.

    ulogd[8603]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="0" initf="br0" outitf="br0" srcmac="0:1b:21:3c:68:89" dstmac="0:1a:8c:17:a4:79" srcip="a.b.c.d" dstip="w.x.y.z" proto="1" length="84" tos="0x00" prec="0x00" ttl="59" type="8" code="0"
  • ICMP T8 C0


    Cheers - Bob

  • Morning Bob.

    Thanks for your response. I've added a firewall rule that says 'Ping Echo Request' any-any allow. But it still doesn't work. The log entry I've shown says FWRule="0", so it looks to me as if it isn't even reaching my ruleset. Do you know how I can change this rule?

    Many thanks in advance
  • Just done some searching of this forum and found this https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/40919. If I disable everything from the ICMP tab ping now works!

    I think that's a bug as well.
  • I have confirmed this myself and submitted a formal bug report via a support ticket.

    Cheers - Bob
     
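
Added example, not part of the thread and not Sophos code: a small parser for packet filter log lines in the key="value" format quoted above, which picks out dropped ICMP packets that enter and leave on the same bridge interface and groups them by `fwrule`. The sample lines are constructed (the masked addresses are replaced with documentation-range placeholders), and reading `fwrule="0"` as "not dropped by a user-defined rule" is an assumption taken from the thread.

```python
import re
from collections import Counter

# Constructed sample: line 1 follows the entry quoted in the thread, with the
# masked addresses replaced by documentation-range placeholders; lines 2-3
# are invented variations for contrast.
SAMPLE_LOG = """\
ulogd[8603]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="0" initf="br0" outitf="br0" srcmac="0:1b:21:3c:68:89" dstmac="0:1a:8c:17:a4:79" srcip="192.0.2.10" dstip="198.51.100.20" proto="1" length="84" tos="0x00" prec="0x00" ttl="59" type="8" code="0"
ulogd[8603]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="0" initf="br0" outitf="br0" srcip="198.51.100.20" dstip="192.0.2.10" proto="1" length="84" tos="0x00" prec="0x00" ttl="63" type="0" code="0"
ulogd[8603]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="4" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.20" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="51000" dstport="23"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
ICMP_NAMES = {("8", "0"): "Echo Request", ("0", "0"): "Echo Reply"}


def parse_line(line):
    """Turn one key="value" packet filter log line into a dict."""
    return dict(FIELD.findall(line))


def bridged_icmp_drops(log_text):
    """Return dropped ICMP packets that entered and left via the same interface."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("sub") != "packetfilter" or rec.get("action") != "drop":
            continue
        if rec.get("proto") != "1":  # IP protocol 1 = ICMP
            continue
        if not rec.get("initf") or rec.get("initf") != rec.get("outitf"):
            continue
        key = (rec.get("type"), rec.get("code"))
        rec["icmp_name"] = ICMP_NAMES.get(key, "type %s code %s" % key)
        # Assumption taken from the thread: fwrule="0" is read as "no
        # user-defined firewall rule produced this drop".
        rec["user_rule"] = rec.get("fwrule") != "0"
        hits.append(rec)
    return hits


def summarize(hits):
    """Count drops per (fwrule, ICMP message) pair."""
    return Counter((h.get("fwrule"), h["icmp_name"]) for h in hits)


if __name__ == "__main__":
    for (rule, name), n in summarize(bridged_icmp_drops(SAMPLE_LOG)).items():
        print("fwrule=%s %s: %d dropped" % (rule, name, n))
```

Run against the firewall log file rather than the Live Log, a result where every bridged ICMP drop carries `fwrule="0"` matches the symptom in this thread: the drops persist whatever allow rules are added.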