
Can I ping over a specific interface without using the UTM Tools?

Hello everyone,

 

I have already looked up anything I could for this particular problem and in earlier firmware versions this seems possible.

Background: 
I have a customer that wants to perma-ping some IPs in the public web for diagnostic reasons. The customer has two WAN interfaces and one of these is reserved for connections to those public IPs he wants to ping.

Now normally I would simply say "use the UTM's tools" but he wants a continuous ping for likely hours which the UTM does not provide in the GUI.
So I tried to configure it in the multipathing and I get this:

  Please note that this is a recreation on my firewall, not the customer's. Both use 9.510 as firmware and are the same model.

I have 0 ideas how to get around this.

Can anyone shoot me some ideas on how to get this config working? I need to get one specific desktop to ping stuff on the internet over one interface of the UTM.

 

Thanks in advance!


Regards
~ Chris



  • Hallo Chris and welcome to the UTM Community!

    We don't really know the problem your customer is trying to solve, only the solution that he's imagined.  Will Uplink Monitoring give them what they need?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

    thanks for the answer and suggestion.

    I don't think it will though. Uplink monitoring just checks if there is something reachable through the uplink interface, correct?

    The customer basically has some latency issues that he tries to make sense of. The public IPs he is trying to reach are rented and the provider is not acknowledging the issues.

    Thus our customer is trying to get at least reproducible proof about what is happening, ideally with a timestamp.
    You can do that via scripted ping. At least this way you get the response times and timeouts with a time and date that he can hit the provider with.
    Only issue with that plan is that the ping would currently be sent over the default WAN and he has another WAN that is reserved for the connections to those webservers so we need to check over this specific second WAN interface.

    We already know that the WAN interface should not be the root of these issues as I have checked from different sources towards that WAN interface of our customer and the interface itself seems to work perfectly.

    Best regards,

    Chris

  • Hi Chris,

    I can confirm that you can't use ICMP in Multipath rules in 9.6 either.

    You could try using Policy Routes like this:

     

    If you have static routes configured please use "internet v4" instead of "any" in "Destination Network" otherwise you'll break your ICMP communication in those networks.

    If you know the destination IPs you can insert them as Network group object in "Destination Network" Field.

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • Hey Lukas,

    thanks, I have not thought about policy routes in this constellation.

    This should work as I can either put in the whole network or probably single IPs too for the source.

     

    I will have our customer try this ASAP.

     

    Thanks again!

     

    Best regards

    Chris
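
The timestamped evidence from a scripted ping that Chris describes, as an added example (not code from anyone in this thread): it assumes the desktop runs Linux iputils `ping -D -O <target>` with the output saved to a file, and it lists every timeout and slow reply with date and time. The sample lines, the address 203.0.113.10 and the 100 ms threshold are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `ping -D -O 203.0.113.10` output; not real measurements.
SAMPLE = """\
[1557900000.100000] 64 bytes from 203.0.113.10: icmp_seq=1 ttl=55 time=12.4 ms
[1557900001.100000] 64 bytes from 203.0.113.10: icmp_seq=2 ttl=55 time=13.1 ms
[1557900003.100000] no answer yet for icmp_seq=3
[1557900004.300000] 64 bytes from 203.0.113.10: icmp_seq=5 ttl=55 time=240.0 ms
"""

REPLY = re.compile(r"^\[(\d+\.\d+)\] \d+ bytes from .+?: icmp_seq=(\d+) .*time=([\d.]+) ms")
LOST = re.compile(r"^\[(\d+\.\d+)\] no answer yet for icmp_seq=(\d+)")


def stamp(epoch):
    """Turn ping's epoch prefix into a readable UTC date and time."""
    return datetime.fromtimestamp(float(epoch), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def analyze(text, spike_ms=100.0):
    """Return (time, kind, icmp_seq, rtt_ms) for every timeout and slow reply."""
    events, reported, last_seq = [], set(), None
    for line in text.splitlines():
        lost = LOST.match(line)
        if lost:
            seq = int(lost.group(2))
            reported.add(seq)
            events.append((stamp(lost.group(1)), "TIMEOUT", seq, None))
            continue
        reply = REPLY.match(line)
        if not reply:
            continue  # header, summary or unrelated line
        when, seq, rtt = stamp(reply.group(1)), int(reply.group(2)), float(reply.group(3))
        if last_seq is not None:
            # A jump in icmp_seq means probes were lost even if ping printed nothing.
            for missing in range(last_seq + 1, seq):
                if missing not in reported:
                    events.append((when, "TIMEOUT", missing, None))
        reported.clear()  # losses are only tracked between two consecutive replies
        last_seq = seq
        if rtt >= spike_ms:
            events.append((when, "SPIKE", seq, rtt))
    return events


if __name__ == "__main__":
    for event in analyze(SAMPLE):
        print(*event)
```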
