info_i_25x25.png Due to unforeseen weather conditions we are experiencing higher chat wait times. Remember you can also submit a ticket and one of our support representatives will get back to you as soon as possible. We apologize for the inconvenience.

UniFi - USG Firewall: How to Enable ICMP over WAN


Overview


This guide will explain how to configure a firewall rule in the UniFi Controller to either block or permit ICMP traffic over WAN. 

NOTES & REQUIREMENTS:
Applicable to UniFi Controller versions 5.5.X and newer. In previous versions, ICMP was enabled by default so these steps would be unnecessary. Devices mentioned in this article:

Table of Contents


  1. Introduction
  2. Steps: How to Enable ICMP Traffic in UniFi Controller
  3. Related Articles

Introduction


Back to Top

The Internet Control Message Protocol (ICMP) offers a number of benefits to networks including the ability to ping devices, troubleshoot and test connectivity, get error codes to aid in diagnosis, etc.

The UniFi Security Gateway (USG) offers administrators many useful features to their UniFi managed network, including the ability to manage firewall rules that help ensure the security of the network. In UniFi controller versions 5.5.x and newer, ICMP echo requests are blocked to WAN by default, meaning your WAN IP will drop ICMP echo requests sourced from the Internet. This can be allowed via a firewall rule. 


Steps: How to Enable ICMP Traffic in UniFi Controller


Back to Top

ICMP Traffic can be easily enabled by creating a firewall rule in the UniFi Controller and can be done on any UniFi network with a USG. To create this rule, follow each step as follows:

  1. Open your UniFi Controller
  2. Go to Settings > Routing and Firewall
  3. Select the Firewall tab at the top of the page
  4. Select WAN LOCAL
  5. Click Create New RuleAllowICMP.png
  6. Name the rule "Allow ICMP" or something of your choice that easily identifies the purpose of the rule.
  7. Toggle the Enabled option to "On" 
  8. Select Rule Applied: Before predefined rules
  9. Select Action: Accept
  10. Select Protocol: ICMP. 
  11.  Select IPv4 ICMP Type Name: can be selected to only allow a specific type of ICMP(such as echo request or echo reply).
  12. Click Save at the bottom of the screen to finalize changes.
  13. After completing these steps, ICMP will be enabled over the WAN. 

Related Articles


Back to Top

UniFi - USG Troubleshooting: How to Reset to Default Settings

UniFi - USG Adoption: How to Adopt a USG

UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting