How to restrict Ping to SonicWall WAN interfaces from specific public IP addresses
12/06/2023
Description
How to restrict Ping to SonicWall WAN interfaces from specific public IP addresses from outside the network
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that differ from SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.
Feature:
Restrictions can be applied to WAN interfaces so that only a specific IP address or a range of IP addresses can ping the WAN interface from outside the network. This involves the following steps:
Step 1: Allowing Ping on the WAN interface.
Step 2: Creating an address object or address group containing the IP addresses that are allowed to Ping the interface.
Step 3: Modifying the Firewall Access Rule so that only that specific address or range of IP addresses can ping the interface.
Scenario:
The following scenario covers how to restrict the Ping on the X1 WAN interface so that only 1 public IP address (111.111.111.111) can ping the interface.
Procedure:
Step 1. Enabling the Ping on the X1 WAN interface:
Navigate to the Network | System | Interfaces tab, hover over the X1 WAN interface, click the "configure" button that appears, and enable Ping.
Step 2. Create an address object in the WAN zone containing the IP address (111.111.111.111) that is allowed to ping the interface.
Navigate to Object | Match Objects | Addresses and create an address object as shown below:
Step 3: Modify the Firewall Access Rule so that only that specific address can ping the interface.
a. Go to Policy | Rules and Policies | Access Rules, click on the "Matrix" radio button, and click on the WAN to WAN zone intersection.
b. Edit the rule that allows Ping to the X1 WAN interface by hovering over the rule in question and clicking the edit button.
c. Change the source to the address object we created at Step 2.
NOTE: If you are unable to modify the default access rule, you must first enable the ability to modify default access rules from the diag page. Make sure to disable this ability once you have finished making the changes, as leaving it permanently enabled is not recommended. See the following article for help:
How To Enable the Ability To Remove and Fully Edit Auto-added Access Rules
Now only the public IP address 111.111.111.111 will be allowed to ping the X1 WAN interface.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
Feature:
Restrictions can be applied to WAN interfaces so that only a specific IP address or a range of IP addresses can ping the WAN interface from outside the network. This involves the following steps:
Step 1: Allowing Ping on the WAN interface.
Step 2: Creating an address object or address group containing the IP addresses that are allowed to Ping the interface.
Step 3: Modifying the Firewall Access Rule so that only that specific address or range of IP addresses can ping the interface.
Scenario:
The following scenario covers how to restrict the Ping on the X1 WAN interface so that only 1 public IP address (111.111.111.111) can ping the interface.
Procedure:
Step 1. Enabling the Ping on the X1 WAN interface:
Navigate to the Manage | Network | Interfaces tab, click the "configure" button on the right-hand side of the X1 WAN interface, and enable Ping.
Step 2. Create an address object in the WAN zone containing the IP address (111.111.111.111) that is allowed to ping the interface.
Navigate to Manage | Objects | Address Objects and create an address object as shown below:
Step 3: Modify the Firewall Access Rule so that only that specific address can ping the interface.
a. Go to Manage | Rules | Access Rules, click on the "Matrix" radio button, and click on the WAN to WAN zone intersection.
b. Edit the rule that allows Ping to the X1 WAN interface by clicking on the edit button located on the right-hand side.
c. Change the source to the address object we created at Step 2.
NOTE: If you are unable to modify the default access rule, you must first enable the ability to modify default access rules from the diag page. Make sure to disable this ability once you have finished making the changes, as leaving it permanently enabled is not recommended. See the following article for help:
How To Enable the Ability To Remove and Fully Edit Auto-added Access Rules
Now only the public IP address 111.111.111.111 will be allowed to ping the X1 WAN interface.
Resolution for SonicOS 6.2 and Below
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
Feature:
Restrictions can be applied to WAN interfaces so that only a specific IP address or a range of IP addresses can ping the interface. This involves the following steps:
Step 1: Allowing Ping on the WAN interface.
Step 2: Creating an address object or address group containing the IP addresses that are allowed to Ping the interface.
Step 3: Modifying the Firewall Access Rule so that only that specific address or range of IP addresses can ping the interface.
Scenario
The following scenario covers how to restrict Ping on the x1 interface so that only 1 public IP address (111.111.111.111) can ping the interface.
Procedure
Step 1. Enabling the Ping on the x1 WAN interface:
Click the "configure" button located on the right-hand side of the x1 WAN interface and enable the "Ping" checkbox:
Step 2. Create an address object in the WAN zone containing the IP address (111.111.111.111) that is allowed to ping the interface.
To do that, go to Firewall | Address Objects and create an address object as shown below:
Step 3: Modify the Firewall Access Rule so that only that specific address can ping the interface.
a. Go to Firewall | Access Rules, click on the "Matrix" radio button, and click on the WAN to WAN zone intersection.
b. Edit the rule that allows Ping to the x1 WAN interface by clicking on the edit button located on the right-hand side.
c. Change the source to the address object we created at Step 2.
Now only the public IP address 111.111.111.111 will be allowed to ping the x1 WAN interface.
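A post-change check for the procedure above (any SonicOS version), as an added example that is not part of the original SonicWall article: run it once from the permitted host and once from any other outside host to confirm the edited WAN to WAN rule behaves as intended. It assumes Linux iputils ping exit codes; the script and function names are hypothetical, and <X1-WAN-IP> is a placeholder for your own interface address.

```shell
#!/bin/sh
# Added example: verify the restricted Ping rule from one outside vantage point.
# Assumes Linux iputils ping: exit 0 = reply received, 1 = no reply, 2 = error.

# verdict EXPECT RC -> prints PASS, FAIL or ERROR for this vantage point.
#   EXPECT: "allow" (this host is in the address object) or "deny" (it is not)
#   RC:     exit status returned by ping
verdict() {
    case "$1:$2" in
        allow:0) echo "PASS" ;;   # permitted source got echo replies
        deny:1)  echo "PASS" ;;   # non-permitted source got no reply
        allow:1) echo "FAIL: permitted source received no reply" ;;
        deny:0)  echo "FAIL: non-permitted source received a reply" ;;
        *)       echo "ERROR: ping could not run (status $2) or bad expectation '$1'" ;;
    esac
}

# check_wan_ping WAN_IP EXPECT -> sends 3 echo requests and prints the verdict.
check_wan_ping() {
    ping -c 3 -W 2 "$1" >/dev/null 2>&1
    verdict "$2" "$?"
}

# Runs only when both arguments are supplied, e.g.:
#   sh check_wan_ping.sh <X1-WAN-IP> allow    # from 111.111.111.111
#   sh check_wan_ping.sh <X1-WAN-IP> deny     # from any other public IP
if [ "$#" -eq 2 ]; then
    check_wan_ping "$1" "$2"
fi
```

Run the "allow" check first: a "deny" PASS only proves the rule is working if the permitted host can reach the interface at the same time, since silence can also mean an outage.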