Solved: Re: MX450 device not pinging

Soby P Kuruvilla · ‎06-30-2020

Hi All,

I am installing a new MX450 device. The Internet Port 1 is configured with Static IP using "Local status page" and connected to Switch and port is up. But I am unable to ping this static IP even from this directly connected Switch . I can see the mac table and ARP table is learning the mac address in the correct switchport and IP address .. But unable to ping the Static IP configured for the device.

MX internet port is configured without any VLAN tagging and switch port connected is an access port in the correct vlan of the static IP configured.

Whether inbound ICMP is denied by default for the Internet Ports of the MX device ?

Note the device is yet to be registered to the Meraki dashboard.

Thanks

Soby P Kuruvilla · ‎07-03-2020

MX450 device is now pinging after registering to dashboard .. So, it seems that device is having default deny for inbound ICMP to WAN internet port. Once registered, the default config in dashboard with "allow any" for ICMP is pushed to the device.

Cant find a documentation for the same in Meraki sites ..Please help if anyone finds it.

Thanks.

View solution in original post

Rasmus Hoffmann Birkelund · ‎06-30-2020

Your MX450, might not be allowed to reply to ICMP pings.
Under Security & SD-WAN -> Firewall what does it say in the filed Security Appliance services?

#########
LinkedIn ::: https://blog.rhbirkelund.dk/
Like what you see? - Mark as helpful ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution is solely your own.

Soby P Kuruvilla · ‎06-30-2020

Thanks..As mentioned, the new MX device not registered to the dashboard yet as there some fw ports to be opened in perimeter firewalls..

anyway, in dashboard it is "any" for ICMP ping

Rasmus Hoffmann Birkelund · ‎06-30-2020

Ah, sorry, I didn't see your note.

If it's the first time registering, it is probably doing first time update. Try and give it some time. It's it probably downloading firmware,upgrading, rebooting a couple of times.

What colors in the status LED is the MX showing on the front?

#########
LinkedIn ::: https://blog.rhbirkelund.dk/
Like what you see? - Mark as helpful ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution is solely your own.

Soby P Kuruvilla · ‎06-30-2020

No problem .. As said, there are some perimeter firewall ports to be opened to get it registered to dashboard.

But, question is, before registering to dashboard , can the internet port pingable ? I am trying from local switch itself where the device is directly connected so there is no routing issue.

BrechtSchamp · ‎06-30-2020

I'm not sure what the behavior is before the cloud connection is established, but I would assume it's the same as the default cloud settings, and those are to allow ping by default:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Denying_Inbound_ICMP_on_the_MX

Soby P Kuruvilla · ‎07-03-2020

MX450 device is now pinging after registering to dashboard .. So, it seems that device is having default deny for inbound ICMP to WAN internet port. Once registered, the default config in dashboard with "allow any" for ICMP is pushed to the device.

Cant find a documentation for the same in Meraki sites ..Please help if anyone finds it.

Thanks.

Rasmus Hoffmann Birkelund · ‎07-04-2020

In retrospect, that kind of makes sense, actually. I probably wouldn't want an unprovisioned device responding openly to pings.
Great find, @Soby P Kuruvilla !

#########
LinkedIn ::: https://blog.rhbirkelund.dk/
Like what you see? - Mark as helpful ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution is solely your own.

Soby P Kuruvilla · ‎07-05-2020

Thank you 🙂