ICMP Packet dropped due to Policy Drop

05/31/2023 279 People found this article helpful 499,063 Views

Description

Access rule for ICMP has been created.Implicit Allow rule has been created.

ICMP Packets are dropped due to Policy Drop when trying to ping the SonicWall interface

Cause

In the relevant access rule,Enable Management checkbox has not been selected

NOTE:By default, management traffic is not allowed between two different subnets. For instance, in this knowledge base article, X0 LAN subnets will not able to ping/manage X3 DMZ Gateway and vice versa.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Navigate to Network| System| Interfaces.
Click on the configure tab of the interfaces. In this example, it is going to be X0 and X3 interfaces.
Enable Ping under Management.
Navigate to Policy | Rules and Policies| Access Rules.
Locate the relevant access rule. EXAMPLE: Any Any Any Allow select Configure tab.
Check the Enable Management checkbox to permit the ping on the interface.
Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Policy| Security Services | Intrusion Prevention (if this option is enabled ).

How to Test

Ping X3's interface IP from the PC behind X0. Pings will be successful and ICMP packets will not dropped by the SonicWall.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Navigate to MANAGE | Network | Interfaces.
Click on the configure tab of the interfaces. In this example, it is going to be X0 and X3 interfaces.
Enable Ping under Management.
Navigate to MANAGE | Firewall | Access Rules.
Locate the relevant access rule. EXAMPLE: Any Any Any Allow select Configure tab. .
Check the Enable Management checkbox to permit the ping on the interface.
Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Manage | Security Services | Intrusion Prevention (if this option is enabled ).

How to Test

Ping X3's interface IP from the PC behind X0. Pings will be successful and ICMP packets will not dropped by the SonicWall.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Navigate to Network | Interfaces.
Click on the configure tab of the interfaces. In this example, it is going to be X0 and X3 interfaces.
Enable Ping under Management.
Navigate to Firewall | Access Rules.
Locate the relevant Access Rule . EXAMPLE: Any Any Any Allow select Configure tab. .
Check the Enable Management checkbox to permit the ping on the interface.
Ping will now be permitted.Also uncheck the option - Prevent All | Low Priority Attacks, under Security Services | Intrusion Prevention (if this option is enabled ).