×

UniFi - UDM/USG Firewall: How to Enable ICMP on the WAN Interface

Overview

Readers will learn how to configure the firewall to enable ICMP traffic on the WAN interface of the UDM and USG models.

NOTES & REQUIREMENTS:
  • Applicable to the latest firmware on all UDM and USG models.

Table of Contents

  1. Introduction
  2. Creating an ICMP WAN Firewall Rule
  3. Related Articles

Introduction

The Internet Control Message Protocol (ICMP) offers a number of benefits to networks including the ability to ping devices, troubleshoot and test connectivity, and get error codes to aid in diagnosis.

The UniFi Dream Machine (UDM) and UniFi Security Gateway (USG) models offers administrators many useful features to their UniFi managed network, including the ability to manage firewall rules that help ensure the security of the network. In UniFi Controller releases v5.5.x and newer, ICMP echo requests are blocked by default on the WAN interface and need to be manually allowed. 

Creating an ICMP WAN Firewall Rule

Follow the steps below to create a firewall rule that matches on and permits ICMPv4 traffic on the UDM/USG WAN interface:

GUI: Access the UniFi Controller Web UI.

1. Navigate to the  settings.png  Settings > Internet Security > Firewall section of the UniFi Controller and select the WAN tab.

2. Select Create New Rule to add a WAN firewall rule.

3. Fill in the fields below:

Type: WAN Local
Description: ICMPv4
Enabled: Checked
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
IPv4 ICMP Type Name: Echo Request
Match all protocols except for this: Unchecked
Source: Optional
Destination: Optional
Advanced: Optional

wan-firewall-rule.png

4. Apply the changes.

When using the Classic Web UI, navigate to the  settings.png  Settings > Routing & Firewall  > Firewall > WAN LOCAL section instead and select Create New Rule. Afterwards, fill in the fields below:

Name: ICMPv4
Enabled: On
Rule Applied: Before Predefined Rules
Action: Accept
IPv4 Protocol: ICMP
Match all protocols except for this: Unchecked
IPv4 ICMP Type Name: Echo Request
Source: Optional
Destination: Optional
Advanced: Optional

Related Articles

UniFi - UDM/USG: Introduction to Firewall Rules

Intro to Networking - Network Firewall Security

Was this article helpful?
14 out of 19 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community