Discard ping isn't discarding ping


#1

Hi there

I’ve got a Balance 210 that replies to pings from the internet even though all WAN’s are set to “Reply to ICMP PING *disabled”*on the appropriate page.

Is there something I’m overlooking?


#2

Is it possible you are forwarding all inbound traffic to an internal device?


#3

Yes it is possible and the device has been told not to reply.
Simple problem solved by my simple oversight.


#4

Turns out that it’s still an issue. Deny inbound icmp entries are polluting my Cisco ASA5505’s log.

Which takes priority, a firewall rule or a NAT mapping?


#5

Firewall rule will override NAT Mappings.


#6

So if I go:

NAT Mapping:
LAN Client------Inbound Mappings--------------------------Outbound Mappings
192.168.1.11—(WAN1):xxx.xxx.xxx.xxx (Interface IP)-------Use Interface IP only

and

Inbound Firewall Rules:
Rule—Protocol------WAN—Source------Destination-------Policy
Ping—ICMP:8-------Any----Any---------192.168.1.11-----Deny

ICMP ping denys shouldn’t be showing up in the log of my ASA5505 and ShieldsUp shouldn’t be reporting that WAN1 replies to pings.
Because they are and it is.


#7

Please open up a support ticket with us here and we will investigate the issue.