VMware Cloud Community
ForecastCloudy
Contributor

Organizational Network Firewall and ICMP pings

Hey all,

I have a routed organizational network connected to my external (network).  I have outbound internet connectivity without any problems.  I wanted to ping a VM from a remote location just to verify the accessibility of that VM FROM the internet.

In the Configure Services option on the context menu of the Organizational network I have added a firewall rule to allow incoming traffic on any Port and both TCP & UDP protocols. (This is just for connectivity testing - I wouldn't leave it like this of course.)

I am unable to ping the VM host from the internet with the firewall enabled and the rule in effect.

If I disable the firewall, I am able to ping the VM.

ICMP is carried over IP specifically, does anyone know why enabling TCP would not allow these packets through?  Did VMware separate TCP and IP traffic?

Thanks,

Chris

0 Kudos
1 Reply
nirvy
Commander

Ping uses ICMP message type 8 (request) and ICMP message type 0 (reply) packets; it does not operate on TCP or UDP, so you should consider ICMP separate from TCP/UDP and configure a firewall rule with the ICMP protocol selected instead.  An exception to this would be for traceroute, which sends UDP packets so that it can receive the ICMP transit messages (can also use TCP instead of UDP in some cases).

For testing purposes, to truly allow everything in, you should select ANY from the protocol list instead of TCP/UDP.

0 Kudos
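The behaviour described in this thread, as an added example that is not part of either post and is not VMware's code: a simplified first-match firewall model showing why a TCP/UDP "any port" rule never matches an ICMP echo request. The rule format, function names, addresses and packets are constructed for illustration.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

def ipv4_packet(proto, payload):
    """Constructed sample packet: minimal 20-byte IPv4 header (checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return header + payload

def classify(packet):
    """Return (protocol name, ICMP type or destination port) from raw IPv4 bytes."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = PROTO_NAMES.get(packet[9], "OTHER")
    body = packet[ihl:]
    if proto == "ICMP":
        return proto, body[0]             # ICMP type: 8 = echo request, 0 = echo reply
    if proto in ("TCP", "UDP"):
        return proto, struct.unpack("!H", body[2:4])[0]  # destination port
    return proto, None

def evaluate(rules, packet, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    proto, detail = classify(packet)
    for rule in rules:
        proto_ok = "ANY" in rule["protocols"] or proto in rule["protocols"]
        # Ports only exist for TCP/UDP; an "any port" rule is port=None.
        port_ok = rule.get("port") is None or (
            proto in ("TCP", "UDP") and detail == rule["port"])
        if proto_ok and port_ok:
            return rule["action"]
    return default

# Constructed traffic: a ping, a TCP SYN to 443, and a UDP traceroute-style probe.
ECHO_REQUEST = ipv4_packet(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
TCP_SYN = ipv4_packet(6, struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 1024, 0, 0))
UDP_PROBE = ipv4_packet(17, struct.pack("!HHHH", 40000, 33434, 8, 0))

# Hypothetical rule sets mirroring the three choices discussed in the thread.
TCP_UDP_ANY_PORT = [{"protocols": {"TCP", "UDP"}, "port": None, "action": "allow"}]
ICMP_RULE = [{"protocols": {"ICMP"}, "port": None, "action": "allow"}]
ANY_RULE = [{"protocols": {"ANY"}, "port": None, "action": "allow"}]

if __name__ == "__main__":
    for name, rules in [("TCP/UDP any port", TCP_UDP_ANY_PORT),
                        ("ICMP", ICMP_RULE), ("ANY", ANY_RULE)]:
        print(name, [evaluate(rules, p) for p in (ECHO_REQUEST, TCP_SYN, UDP_PROBE)])
```
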