• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5446
  • Last Modified:

Enable ping and tracert through sonicwall

I would like to know what rules I need to create to allow a tracert through a sonicwall tz170.
There is a default service for ping but not for tracert.
0
kallatech
Asked:
kallatech
  • 3
  • 3
1 Solution
 
JMorganReadCommented:
You have to allow outgoing UDP messages to ports 33434 through 33534 as well as allow outgoing ICMP echo requests.  I'm not sure what the exact syntax is for your sonicwall, but that's the gist of what you need to do.  That will let Windows and *nix tracerts through the firewall.  Hope this helps :)
0
 
kallatechAuthor Commented:
There is a service in the sonicwall called echo is that what you are talking about?
I created a service using udp and put in the port range you suggested.
I then did the astrerik to asterik allow when setting up the rule.
Are you saying I also need to do this for icmp and the echo service?
0
 
JMorganReadCommented:
Right.  We don't have the exact setup - - I have a different model of SonicWall, but you need to set up an access rule which allows incoming or outgoing (as appropriate to which way you want to trace) echo service on ports 33434 to 33534.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
kallatechAuthor Commented:
I also created a rule that allows any service in and any service out would that not do that same thing or does the sonicwall require a specfic rule?

Here is my understand of what you are telling me I create a rule using the echo service that runs on the port range you gave me using icmp and that should allow tracert in and out?
0
 
kallatechAuthor Commented:
I created a rule that uses the echo service and did the asterisk to asterik allow.
I also created a rule that allows icmp 1 through the port range you gave me with the asterisk to asterik allow.

Is this all I need?
0
 
JMorganReadCommented:
Yes, should be.
0

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now