nflnetwork29
Collaborator

ICMP PING blocked over VPN

Another headscratcher for you!!

 

Can anyone tell me if ICMP PING is denied over site-to-site VPN communities by default in the Check Point MDS, and how to allow it?


We are having some “issues” with our techs, where they think the VPN site-to-site tunnels are down when they are in fact up and running; however, the only testing that is being done is ICMP PING.

2 Replies
PhoneBoy
Admin

Do you have an explicit rule that allows this behavior?
What precise logs do you get when someone tries ICMP?
Cyber_Serge
Contributor

Depending on your version, you can check the status of the VPN tunnel from SmartDashboard.

Depending on our firewall policy, did you allow ping? Did you log the stealth rule? (Maybe it got dropped by the stealth rule and was not logged.)

Did traceroute show the correct route from one end to the other over the tunnel? Or did it not even reach the peer device?

VPN issues can be caused by many different reasons. My recommendation would be to open a support ticket and have someone perform the troubleshooting steps with you to eliminate each possible cause.
