Senior Member
Posts: 3,635
Registered: ‎11-26-2013
Kudos: 2022
Solutions: 110

EdgeRouter GUI Tutorial - Allow ICMP (ping)

[ Edited ]

Here is another quick video tutorial for those of you who want to use the GUI to enable ICMP on one of your EdgeRouter WAN interfaces.  This is quick and dirty, video link below instructions:

 

Step 1: Log into your EdgeRouter.
Step 2: Click the Firewall/NAT tab.
Step 3: Click the Firewall Policies tab.
Step 4: Local the ruleset called WAN_LOCAL, this is where we will allow ping.
Step 5: Click Actions, edit ruleset.
Step 6: Click Add New Rule button.

This is where you add a new rule.

Step 7: In the description put something like Allow Ping.
Step 8: Under Action click Accept.
Step 9: Under Protocol select Choose a protocol by name and then select icmp from the dropdown.
Step 10: Click the Destination tab and then select your WAN interface from the Interface Addr dropdown.
Step 11: Click Save
Step 12: Congratulations! Your EdgeRouter will now respond to ping requests on the WAN interface you selected.

 

Video Link:  https://youtu.be/hTFqZAZeDqQ

Need Ubiquiti Config Videos? https://www.youtube.com/williehowe
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

Great, thanks for sharing this!

New Member
Posts: 1
Registered: ‎06-22-2017
Kudos: 3

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

[ Edited ]

For others doing this method, it also helps to further specify the ICMP type (8) inside of the rule. The GUI method does not have this option when you set the rule. However, it's easy to add it under the "Config Tree" tab.


Adding ICMP Type 8 (Echo)

 

1. Click "Config Tree" tab
2. Under the "Configuration" panel on the left, expand "firewall" node
3. Expand "name" node
4. Expand "WAN_LOCAL" node
5. Expand "rule" node
6. Expand "21" node (or whatever the last one is, which should be the rule you just set)
7. Clock "icmp"
8. Enter "8" as the value of "type"
9. Click "Preview"
10. Click "Apply" on popup configuration dialog



clipboard-image-PLQn2DwF.png

clipboard-image-OshZOFPm.png

New Member
Posts: 2
Registered: ‎10-17-2018

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

CLI:

 

set firewall name WAN_LOCAL rule 5 action accept

set firewall name WAN_LOCAL description "enable ping"

set protocol icmp

save;commit

 

Or something like that.

As far as I'm concerned, you have to create the new rule before the default drop in your WAN_LOCAL firewall. WAN_LOCAL is the traffic from WAN to your edgerouter. WAN_IN is the traffic from WAN through your router.

 

New Member
Posts: 46
Registered: ‎05-21-2018

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

how to enable this only for custom list multiple ip ranges / singles ip?
Senior Member
Posts: 3,635
Registered: ‎11-26-2013
Kudos: 2022
Solutions: 110

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

@justanitCreate an address group in the firewall/nat screen.  List the IP(s) you want to allow.  When you create the ICMP rule in the source tab specify the address group you created.

Need Ubiquiti Config Videos? https://www.youtube.com/williehowe
Highlighted
New Member
Posts: 2
Registered: ‎10-17-2018

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

Yep..That's the way I should fix it...

Member
Posts: 126
Registered: ‎01-31-2015
Kudos: 10

Re: EdgeRouter GUI Tutorial - Allow ICMP (ping)

is possible to block icmp from lan to wans ips ? but allow from wan to lan ??

i have this lan eg 10.1.1.0/24 and from wan site i have eg 172.20.0.0/16. how i do that ? thank you guys !