ICMP Packet dropped due to Policy Drop

Description

Access rule for ICMP has been created.Implicit Allow rule has been created.

ICMP Packets are dropped due to Policy Drop when trying to ping the SonicWall interface

Cause

In the relevant access rule,Enable Management checkbox has not been selected

NOTE:By default, management traffic is not allowed between two different subnets. For instance, in this knowledge base article, X0 LAN subnets will not able to ping/manage X3 DMZ Gateway and vice versa.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

  1. Navigate to Network| System| Interfaces.
  2. Click on the configure tab of the interfaces. In this example, it is going to be X0 and X3 interfaces.ImageImage
  3. Enable Ping under Management.
    ImageImage
  4. Navigate to Policy | Rules and Policies| Access Rules.
  5. Locate the relevant access rule. EXAMPLE: Any Any Any Allow select Configure tab.Image
  6. Check the Enable Management checkbox to permit the ping on the interface.
  7. Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Policy| Security Services | Intrusion Prevention (if this option is enabled ).Image

How to Test

  • Ping X3's interface IP from the PC behind X0. Pings will be successful and ICMP packets will not dropped by the SonicWall.

Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


  1. Navigate to MANAGE | Network | Interfaces.
  2. Click on the configure tab Image of the interfaces. In this example, it is going to be X0 and X3 interfaces.ImageImage

  3. Enable Ping under Management.
    Image
    Image

  4. Navigate to MANAGE | Firewall | Access Rules.
  5. Locate the relevant access rule. EXAMPLE: Any Any Any Allow select Configure tab. Image. Image

  6. Check the Enable Management checkbox to permit the ping on the interface.
    Image

  7. Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Manage | Security Services | Intrusion Prevention (if this option is enabled ).Image

How to Test

  • Ping X3's interface IP from the PC behind X0. Pings will be successful and ICMP packets will not dropped by the SonicWall.
    Image

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


  1. Navigate to Network | Interfaces.
  2. Click on the configure tab Image of the interfaces. In this example, it is going to be X0 and X3 interfaces.ImageImage

  3. Enable Ping under Management.
    Image
    Image

  4. Navigate to  Firewall | Access Rules.
  5. Locate the relevant Access Rule . EXAMPLE:  Any Any Any Allow select Configure tab. Image .Image

  6. Check the Enable Management checkbox to permit the ping on the interface.
    Image

  7. Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Security Services | Intrusion Prevention (if this option is enabled ).Image

How to Test

  • Ping X3's interface IP from the PC behind X0. Pings will be successful and ICMP packets will not dropped by the SonicWall.
    Image

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
Firewalls
TZ Series
Networking
not finding your answers?
Ask the Community