Support Downloads Community

UniFi Video is an obsolete product line.

This application and its related devices will no longer receive any manner of technical support, including functional and security updates. Additionally, there will be no further updates to Help Center content pertaining to UniFi Video.

UniFi - UDM/USG Firewall: How to Enable ICMP on the WAN Interface

Overview

Readers will learn how to configure the firewall to enable ICMP traffic on the WAN interface of the UDM and USG models.

NOTES & REQUIREMENTS:
  • Applicable to the latest firmware on all UDM and USG models.

Table of Contents

  1. Introduction
  2. Creating an ICMP WAN Firewall Rule
  3. Related Articles

Introduction

The Internet Control Message Protocol (ICMP) offers a number of benefits to networks including the ability to ping devices, troubleshoot and test connectivity, and get error codes to aid in diagnosis.

The UniFi Dream Machine (UDM) and UniFi Security Gateway (USG) models offers administrators many useful features to their UniFi managed network, including the ability to manage firewall rules that help ensure the security of the network. In current UniFi Network releases, ICMP echo requests are blocked by default on the WAN interface and need to be manually allowed. 

Creating an ICMP WAN Firewall Rule

Follow the steps below to create a firewall rule that matches on and permits ICMPv4 traffic on the UDM/USG WAN interface:

GUI: Access the UniFi Network application.

1. Navigate to the  settings.png  Settings > Internet Security > Firewall and select the WAN tab.

2. Select Create New Rule to add a WAN firewall rule.

3. Fill in the fields below:

Type: WAN Local
Description: ICMPv4
Enabled: Checked
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
IPv4 ICMP Type Name: Echo Request
Match all protocols except for this: Unchecked
Source: Optional
Destination: Optional
Advanced: Optional

wan-firewall-rule.png

4. Apply the changes.

When using the Classic Web UI, navigate to the  settings.png  Settings > Routing & Firewall  > Firewall > WAN LOCAL section instead and select Create New Rule. Afterwards, fill in the fields below:

Name: ICMPv4
Enabled: On
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
Match all protocols except for this: Unchecked
IPv4 ICMP Type Name: Echo Request
Source: Optional
Destination: Optional
Advanced: Optional

Related Articles

UniFi - UDM/USG: Introduction to Firewall Rules

Intro to Networking - Network Firewall Security

Was this article helpful?
105 out of 166 found this helpful