Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Hi,
What is needed to ping the external interface?
I've tried to allow my FW policy to allow all from zone trust to untrust, and can ping external addresses from trust, using nat, but I'm unable to ping my external interface itself.
thanks.
You need to set the host-inbound-traffic -> system-services -> ping for you external interface in the untrust zone.
security-zone untrust { interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { snmp; ssh; ping; traceroute; } } } } }