External Pings

Question

I would like to be able to ping our WAN interface from specific external IPs, but the only thing I am seeing I can do currently is allow Ping/Ping6 via the ACLs (Administration > Device Access > Local Service ACLs). When doing so, this seems to open it up to every external IP. I tried creating a simple firewall rule to allow ICMP to the WAN interface, but it didn't seem to do anything. Am I missing something?

This thread was automatically locked due to age.

Ben@Network · Answer

Just create a local Service ACL and allow a specific IP to ping. 
 Ben

emmosophos · Answer

Hello there, 
 Thank you for contacting the Sophos Community. 
 1. Under Local Sevice ACL, you need to leave the Ping/Ping6 Disable for the WAN zone 
 2. Under Local Service ACL Exception rule create a rule like this: 
 Source Zone = WAN 
 Source Network/Host = Public IP from where you are going to be Pinging the Sophos XG 
 Destination Host = ANY 
 Services = Ping 
 Action = Accept 
 That should allow you to Ping the XG only from that specific IP. 
 Regards,

External Pings

Top Replies