This guide will explain how to configure a firewall rule in the UniFi Network Controller to either block or permit ICMP traffic over WAN.
NOTES & REQUIREMENTS:
Applicable to UniFi Network Controller versions 5.5.X and newer. In previous versions, ICMP was enabled by default so these steps would be unnecessary. Devices mentioned in this article:
The Internet Control Message Protocol (ICMP) offers a number of benefits to networks including the ability to ping devices, troubleshoot and test connectivity, get error codes to aid in diagnosis, etc.
The UniFi Security Gateway (USG) gives administrators many useful features for their UniFi-managed network, including the ability to manage firewall rules that help ensure the security of the network. In UniFi controller versions 5.5.x and newer, ICMP echo requests to the WAN are blocked by default, meaning ICMP echo requests sourced from the Internet and addressed to your WAN IP are dropped. This can be allowed via a firewall rule.
Steps: How to Enable ICMP Traffic in UniFi Controller
ICMP traffic can be enabled by creating a firewall rule in the UniFi Network Controller; this can be done on any UniFi network with a USG. To create this rule, follow these steps:
- Open your UniFi Network Controller
- Go to Settings > Routing and Firewall
- Select the Firewall tab at the top of the page
- Select WAN LOCAL
- Click Create New Rule
- Name the rule "Allow ICMP" or something of your choice that easily identifies the purpose of the rule.
- Toggle the Enabled option to "On"
- Select Rule Applied: Before predefined rules
- Select Action: Accept
- Select Protocol: ICMP.
- IPv4 ICMP Type Name: optionally select a type to allow only a specific type of ICMP (such as echo request or echo reply).
- Click Save at the bottom of the screen to finalize changes.
- After completing these steps, ICMP will be enabled over the WAN.
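A check that could be run after the steps above, as an added example (not from the original article or from Ubiquiti): it reads firewall configuration lines and reports whether each ICMP accept rule on WAN LOCAL is restricted to one ICMP type or accepts every type. It assumes the USG represents the rule as EdgeOS-style `set firewall name WAN_LOCAL rule N ...` lines; the sample lines and rule numbers are constructed.

```python
import re
from collections import defaultdict

# Constructed sample input (assumed EdgeOS-style syntax, made-up rule numbers).
SAMPLE_CONFIG = """\
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 2000 action accept
set firewall name WAN_LOCAL rule 2000 description 'Allow ICMP'
set firewall name WAN_LOCAL rule 2000 protocol icmp
set firewall name WAN_LOCAL rule 2001 action accept
set firewall name WAN_LOCAL rule 2001 description 'Allow ping only'
set firewall name WAN_LOCAL rule 2001 protocol icmp
set firewall name WAN_LOCAL rule 2001 icmp type-name echo-request
set firewall name WAN_LOCAL rule 3001 action accept
set firewall name WAN_LOCAL rule 3001 state established enable
"""

RULE_RE = re.compile(r"^set firewall name (\S+) rule (\d+) (.+)$")


def parse_rules(config, ruleset="WAN_LOCAL"):
    """Group the attribute strings of each numbered rule in one ruleset."""
    rules = defaultdict(list)
    for line in config.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(1) == ruleset:
            rules[int(m.group(2))].append(m.group(3))
    return dict(rules)


def audit_icmp(config, ruleset="WAN_LOCAL"):
    """Return (rule, scope, type) for every rule that accepts ICMP."""
    findings = []
    for num, attrs in sorted(parse_rules(config, ruleset).items()):
        if "action accept" not in attrs or "protocol icmp" not in attrs:
            continue  # not an ICMP accept rule
        types = [a.split()[-1] for a in attrs if a.startswith("icmp type-name ")]
        if types:
            findings.append((num, "scoped", types[0]))
        else:
            # No type restriction: every ICMP type reaching the WAN IP is accepted.
            findings.append((num, "all-types", None))
    return findings


if __name__ == "__main__":
    for num, scope, icmp_type in audit_icmp(SAMPLE_CONFIG):
        print(f"rule {num}: {scope} {icmp_type or ''}".rstrip())
```

A rule reported as `all-types` corresponds to leaving IPv4 ICMP Type Name unset in the controller.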