02-28-2016 12:21 PM - edited 02-28-2016 05:22 PM
Here is another quick video tutorial for those of you who want to use the GUI to enable ICMP on one of your EdgeRouter WAN interfaces. This is quick and dirty, video link below instructions:
Step 1: Log into your EdgeRouter.
Step 2: Click the Firewall/NAT tab.
Step 3: Click the Firewall Policies tab.
Step 4: Local the ruleset called WAN_LOCAL, this is where we will allow ping.
Step 5: Click Actions, edit ruleset.
Step 6: Click Add New Rule button.
This is where you add a new rule.
Step 7: In the description put something like Allow Ping.
Step 8: Under Action click Accept.
Step 9: Under Protocol select Choose a protocol by name and then select icmp from the dropdown.
Step 10: Click the Destination tab and then select your WAN interface from the Interface Addr dropdown.
Step 11: Click Save
Step 12: Congratulations! Your EdgeRouter will now respond to ping requests on the WAN interface you selected.
Video Link: https://youtu.be/hTFqZAZeDqQ
06-25-2017 01:20 PM - edited 06-25-2017 01:25 PM
For others doing this method, it also helps to further specify the ICMP type (8) inside of the rule. The GUI method does not have this option when you set the rule. However, it's easy to add it under the "Config Tree" tab.
Adding ICMP Type 8 (Echo)
1. Click "Config Tree" tab
2. Under the "Configuration" panel on the left, expand "firewall" node
3. Expand "name" node
4. Expand "WAN_LOCAL" node
5. Expand "rule" node
6. Expand "21" node (or whatever the last one is, which should be the rule you just set)
7. Clock "icmp"
8. Enter "8" as the value of "type"
9. Click "Preview"
10. Click "Apply" on popup configuration dialog
10-17-2018 03:42 AM
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL description "enable ping"
set protocol icmp
Or something like that.
As far as I'm concerned, you have to create the new rule before the default drop in your WAN_LOCAL firewall. WAN_LOCAL is the traffic from WAN to your edgerouter. WAN_IN is the traffic from WAN through your router.
01-27-2019 04:45 PM
@justanitCreate an address group in the firewall/nat screen. List the IP(s) you want to allow. When you create the ICMP rule in the source tab specify the address group you created.
02-13-2019 04:19 AM
is possible to block icmp from lan to wans ips ? but allow from wan to lan ??
i have this lan eg 10.1.1.0/24 and from wan site i have eg 172.20.0.0/16. how i do that ? thank you guys !