Overview
Readers will learn how to configure the firewall to enable ICMP traffic on the WAN interface of the UDM and USG models.
- Applicable to the latest firmware on all UDM and USG models.
Introduction
The Internet Control Message Protocol (ICMP) offers a number of benefits to networks including the ability to ping devices, troubleshoot and test connectivity, and get error codes to aid in diagnosis.
The UniFi Dream Machine (UDM) and UniFi Security Gateway (USG) models offer administrators many useful features for their UniFi-managed network, including the ability to manage firewall rules that help ensure the security of the network. In UniFi Controller releases v5.5.x and newer, ICMP echo requests are blocked by default on the WAN interface and need to be manually allowed.
Creating an ICMP WAN Firewall Rule
Follow the steps below to create a firewall rule that matches on and permits ICMPv4 traffic on the UDM/USG WAN interface:
1. Navigate to the Settings > Internet Security > Firewall section of the UniFi Controller and select the WAN tab.
2. Select Create New Rule to add a WAN firewall rule.
3. Fill in the fields below:
Type: WAN Local
Description: ICMPv4
Enabled: Checked
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
IPv4 ICMP Type Name: Echo Request
Match all protocols except for this: Unchecked
Source: Optional
Destination: Optional
Advanced: Optional
4. Apply the changes.
When using the Classic Web UI, navigate to the Settings > Routing & Firewall > Firewall > WAN LOCAL section instead and select Create New Rule. Afterwards, fill in the fields below:
Name: ICMPv4
Enabled: On
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
Match all protocols except for this: Unchecked
IPv4 ICMP Type Name: Echo Request
Source: Optional
Destination: Optional
Advanced: Optional
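The following Python example is added here for illustration; it is not part of the original article and is not Ubiquiti code. It models which packets the ICMPv4 rule above matches (IPv4 protocol ICMP, ICMP type Echo Request), with the optional Source field represented by a hypothetical `allowed_sources` list. The function names and the sample addresses (documentation ranges) are assumptions constructed for the example.

```python
import ipaddress
import struct

ICMP_PROTO = 1      # IPv4 protocol number for ICMP ("IPv4 Protocol: ICMP")
ECHO_REQUEST = 8    # ICMPv4 type for "IPv4 ICMP Type Name: Echo Request"


def rule_accepts(packet: bytes, allowed_sources=None) -> bool:
    """Return True if a raw IPv4 packet matches the ICMPv4 accept rule.

    allowed_sources models the optional Source field (hypothetical name):
    None means any source, otherwise an iterable of CIDR strings.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) <= ihl:
        return False                      # malformed or no payload
    if packet[9] != ICMP_PROTO:
        return False                      # TCP, UDP, etc. are not matched
    if packet[ihl] != ECHO_REQUEST:
        return False                      # other ICMP types are not matched
    if allowed_sources is None:
        return True
    src = ipaddress.IPv4Address(packet[12:16])
    return any(src in ipaddress.ip_network(net) for net in allowed_sources)


def build_packet(src: str, dst: str, proto: int, first_byte: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 8 payload bytes.

    Checksums are left as zero because the model does not verify them.
    """
    payload = bytes([first_byte, 0, 0, 0, 0, 0, 0, 0])
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


if __name__ == "__main__":
    wan_ip = "192.0.2.1"  # constructed WAN address
    ping = build_packet("198.51.100.7", wan_ip, ICMP_PROTO, ECHO_REQUEST)
    reply = build_packet("198.51.100.7", wan_ip, ICMP_PROTO, 0)
    print(rule_accepts(ping), rule_accepts(reply))
    print(rule_accepts(ping, allowed_sources=["203.0.113.0/24"]))
```

Leaving Source unset accepts echo requests from any address; setting it limits the match to the listed networks.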