nflnetwork29
Advisor

ICMP traffic is not being logged

I created a rule to explicitly ALLOW and LOG ICMP "PING" traffic.

Any, Any, Allowed, ICMP, Log

However, I am not seeing this traffic in my logs. What gives?

Please help.

0 Kudos
7 Replies
Chris_Atkinson
Employee

Is it accepted by implied rules and are those set to log?

CCSM R77/R80/ELITE
0 Kudos
nflnetwork29
Advisor

I tried that setting as well and it also did not show up in the logs.

0 Kudos
Chris_Atkinson
Employee

What do you see if using packet mode (sk118592) or fw up_execute to verify the rule matching...

[Expert@MyGW:0]# fw up_execute src=s.s.s.s dst=d.d.d.d ipp=1

CCSM R77/R80/ELITE
0 Kudos
nflnetwork29
Advisor

I see it matching rule 1 - this is the any any rule I created for testing.

 

admin@172.31.255.1's password:
Last login: Thu Jul 14 17:48:10 2022 from 172.31.255.12
ESSN-CP-01> fw up_execute src=172.31.254.2 ipp=1 dst=172.31.255.100
Rulebase execution ended successfully.
Overall status:
----------------
Active clob mask: 0
Required clob mask: 0
Match status: MATCH
Match action: Accept

Per Layer:
------------
Layer name: ESSN-SHARED-SVCS-MGMT
Layer id: 0
Match status: MATCH
Match action: Accept
Matched rule: 1
Possible rules: 1 11 22 16777215

ESSN-CP-01>

 

0 Kudos
Chris_Atkinson
Employee

Are there any filters being applied to the log search?

Does the problem persist if you install the policy again?

Is the bi-directional traffic visible in a packet capture on the firewall?

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend

If the ping has been running continuously while you created rule 1 and installed policy, it will not match rule 1 until you stop the ping for about 30 seconds and restart it (or just ping a different address).  That is because the old ICMP "connection" still exists in the state table matching whatever rule (probably implied) was there before allowing it.  

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
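
Added example (not part of the thread and not Check Point code): a simplified Python model of the behaviour described in the reply above, where a running ping keeps matching its existing state-table entry after policy install, so the new logged rule produces no log until the entry idles out or a different address is pinged. The 30-second timeout, the rule names and the address 172.31.255.101 are assumptions made for illustration.

```python
from dataclasses import dataclass

ICMP_IDLE_TIMEOUT = 30  # seconds; assumption based on "about 30 seconds" in the reply


@dataclass
class Entry:
    rule: str         # rule that accepted the first packet of the flow
    last_seen: float  # time of the most recent packet on this flow


class Gateway:
    """Toy stateful gateway: the rulebase is consulted only for new flows."""

    def __init__(self, rulebase):
        self.rulebase = rulebase  # ordered list of (rule_name, log_flag), all any/any
        self.state = {}           # (src, dst, proto) -> Entry
        self.logs = []            # (time, rule_name) written when a logged rule matches

    def install_policy(self, rulebase):
        # Model assumption: the rulebase is swapped, existing state entries survive.
        self.rulebase = rulebase

    def packet(self, now, src, dst, proto="icmp"):
        key = (src, dst, proto)
        entry = self.state.get(key)
        if entry and now - entry.last_seen < ICMP_IDLE_TIMEOUT:
            entry.last_seen = now     # traffic refreshes the entry; no rule match, no log
            return entry.rule
        name, log = self.rulebase[0]  # every rule is any/any, so the first one matches
        self.state[key] = Entry(name, now)
        if log:
            self.logs.append((now, name))
        return name


def demo():
    src, dst = "172.31.254.2", "172.31.255.100"   # addresses from the thread
    gw = Gateway([("implied", False)])            # constructed starting policy
    seen = [gw.packet(t, src, dst) for t in range(0, 10)]
    gw.install_policy([("rule 1", True), ("implied", False)])
    seen += [gw.packet(t, src, dst) for t in range(10, 20)]  # ping never stopped
    other = gw.packet(20, src, "172.31.255.101")  # different address: new flow
    restarted = gw.packet(50, src, dst)           # original ping restarted after 31 s idle
    return seen, other, restarted, gw.logs


if __name__ == "__main__":
    print(demo())
```

The continuous ping never produces a "rule 1" log entry even though a fresh rulebase evaluation for the same addresses would match rule 1, which is consistent with the fw up_execute output earlier in the thread.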
cchacons-tech
Explorer

Still unresolved ah?

0 Kudos
