How to Enable ICMP (ping) On Only Internal Interface
03/26/2020 22 15086
By default, selecting the Enable ICMP pings check box on the Network Settings page in AMC enables ping on all interfaces. This article describes the steps required to enable this on the internal interface only.
NOTE: This procedure applies only to dual-homed appliances.
Warning SonicWall strongly recommends that users not familiar or comfortable with the "vi" command or the command line contact SonicWall product support for assistance. Always back up your configuration before performing hand edits. Use the command line at your own risk.
Please see KB ID SW2500 for some suggestions on enabling SSH access to the appliance and getting onto the command line.
In the Aventail Management Console (AMC), disable ping by clearing the Enable ICMP pings check box on the Network Settings page and then save and apply changes.
SSH to the appliance and edit /usr/local/osconfig/templates/iptables-active.vtl
Search for this line: -A ICMP_FILTER -p icmp --icmp-type echo-request -j ACCEPT
Change it to this: -A ICMP_FILTER -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
Return to AMC and enable pings in the normal manner (select the Enable ICMP pings check box from the Network Settings Page) and then apply changes.
Your appliance will now respond to pings on the internal interface only.