07-08-2022 11:54 AM
Hello, I am trying to ping the WAN interface of a Firepower in a laboratory and it blocks the traffic.
I have another Firepower, but this one is not added to the FMC and the ping works without problem. I already enabled the ping in the FMC and created a rule that allows everything, and it doesn't work.
07-08-2022 12:00 PM
Ping would be permitted by default to the FTD.
Where did you configure the ping rules? ICMP (ping) is controlled via the Platform Settings not the Access Control Policy (ACP).
Where are you pinging from?
What interface are you connected to?
You'd only be able to ping the WAN interface if you were connected behind that interface; you could not be connected behind another FTD interface (i.e., INSIDE) and ping the WAN interface. That will not work by design.
07-08-2022 12:09 PM
07-08-2022 12:11 PM
I connected a virtual machine to that interface to check, and it doesn't work either.
07-08-2022 12:15 PM
@FranciscoOpenLink what is the configuration of the ICMP service "permitICMP"? If it's incorrect, there is an implicit deny, so the traffic will be dropped.
The ACP policy is not applicable when controlling traffic to the FTD's interface.
07-08-2022 12:21 PM
I am allowing ICMP in that policy
07-08-2022 01:35 PM
Sometimes the PC OS FW drops ICMP; disable the FW or allow ping.