After Allowing ICMP, Ping is Still Denied

After Allowing ICMP, Ping is Still Denied

76755
Created On 09/25/18 17:42 PM - Last Modified 08/05/19 20:11 PM


Resolution

Symptoms

After creating a rule to allow ICMP, attempting to ping hosts is still denied.

Issue

ICMP type 8 messages (ping) are a unique and commonly-used "application" which uses ICMP, so it is defined as a separate application.

Resolution

To allow ping using a security rule, select "ping" as the application type. Allowing ICMP only will not allow ping. The ping application is not dependent on ICMP being allowed to work correctly.

Note: Since traceroute uses ping, allowing the ping application will also allow traceroute as well.

icmp-ping.jpg

owner: gwesson



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIoCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language