I have created a sample firewall rule at the very top which is:
Source: Internal network
Service: ping, ping6, Traceroute
Destination: External Network, Internal Network, specific devices I want to block from being accessed.
Action: block and log.
The issue: When I try to ping outside networks (Google DNS) with this rule enabled, the action times out, meaning the firewall is blocking that service and therefore the firewall rule is working. However, the firewall is allowing pings to any device in the internal network, even to devices I have specifically added as the destination.
Also, as you can see in my firewall rules, I have SSH and Telnet blocked; however, I was still able to use PuTTY to create a TCP dump, which didn't really tell me anything. Yet I was still able to log into the UTM using SSH even with a rule at the very top blocking it.
I looked at the Rulez post, and even went so far as to completely disable every option in the IPS, Webfilter, and Application Visibility; however, the issue persists. There must be something I'm overlooking? All the options under ICMP are unchecked as well.
Traffic between devices in the same subnet never transits the UTM, so you can't block it. The easiest fix would be to put the devices you don't want to be pingable into a DMZ so they're not in the same subnet as the "Internal (Network)."
Cheers - Bob

PS: In the future, instead of linking to an external site, simply insert your images into the post. We can't know if that external site is properly protected. The only malware I've gotten in almost 15 years was from an external link to a picture in this Community in 2014. Thanks in advance!
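The point in the answer above can be made concrete with a small model of what a gateway firewall does and does not see. This is an added illustration, not code from the thread or from Sophos: the subnets, addresses, rule order and the "implicit drop" default are constructed assumptions, and only forwarded traffic is modelled (traffic addressed to the UTM's own IP, such as the SSH session mentioned in the question, is outside this model). A flow between two hosts in one directly connected subnet is switched at layer 2 and returns "not seen by UTM" before any rule is consulted; the same destination, re-addressed into a DMZ subnet, is routed through the UTM and the block rule at the top matches.

```python
"""Model of which flows a gateway firewall can evaluate.

Added example for the thread above. Topology, addresses and the rule list
are constructed assumptions, not the poster's real configuration. Only
forwarded traffic is modelled; traffic addressed to the UTM itself is not.
"""
import ipaddress
from dataclasses import dataclass


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


# Constructed topology: the UTM is the default gateway of two subnets.
INTERNAL = net("192.168.1.0/24")     # "Internal (Network)"
DMZ = net("192.168.50.0/24")         # a DMZ, as the answer suggests
ANY = net("0.0.0.0/0")               # stands in for "External (Network)" here
CONNECTED = [INTERNAL, DMZ]          # subnets directly attached to the UTM


@dataclass
class Rule:
    sources: list
    services: set
    destinations: list
    action: str                      # "block" or "allow"


def rule_set(blocked_host: str) -> list:
    """Mirror the poster's rule order: the block rule at the very top,
    followed by an allow rule that normally lets pings out (assumption)."""
    return [
        Rule([INTERNAL], {"ping", "ping6", "traceroute"},
             [ANY, INTERNAL, net(blocked_host + "/32")], "block"),
        Rule([INTERNAL], {"ping", "ping6", "traceroute"}, [ANY], "allow"),
    ]


def same_l2_segment(src, dst, connected) -> bool:
    """True when both hosts sit in one directly connected subnet: the sender
    ARPs for the destination and the switch forwards the frame, so the
    gateway (and its rule base) never sees the packet."""
    return any(src in n and dst in n for n in connected)


def evaluate(src: str, dst: str, service: str, rules, connected=CONNECTED) -> str:
    """Return what the UTM does with one flow, or report that it never sees it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if same_l2_segment(s, d, connected):
        return "not seen by UTM (switched at layer 2)"
    for r in rules:                  # first match wins, top to bottom
        if (any(s in n for n in r.sources) and service in r.services
                and any(d in n for n in r.destinations)):
            return r.action
    return "drop (implicit default, assumption)"


def demo() -> dict:
    """Three flows: to the Internet, to a same-subnet host, and to that
    host after it has been re-addressed into the DMZ."""
    before = rule_set("192.168.1.50")
    after = rule_set("192.168.50.10")    # host moved into the DMZ
    return {
        "internet": evaluate("192.168.1.20", "8.8.8.8", "ping", before),
        "same_subnet": evaluate("192.168.1.20", "192.168.1.50", "ping", before),
        "moved_to_dmz": evaluate("192.168.1.20", "192.168.50.10", "ping", after),
    }


if __name__ == "__main__":
    for flow, result in demo().items():
        print(f"{flow:13} -> {result}")
```

Run it and the "same_subnet" flow is the one the question describes: the rule base is never consulted, so no rule, however high in the list, can block it. Moving the host into another subnet is what makes the UTM the path between the two hosts.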
Well, that explains it. They go through my switch, not the UTM. I must have forgotten about that. Therefore the firewall is working fine. I need to refresh myself on the OSI model, layer 2.