How do I create Ping (ICMP 8 255) via CLI policy-type
Hi, Hope someone else has come across this,
Everytime I try to create Ping (IMCP type 8 code 255) using the cli method I keep getting the type back as 0 not 8 or anything else, the only options you have are like below
policy-type testping1 protocol icmp Echo_Reply 255
policy-type testping1 protocol icmp Echo_Request 255
or policy-type testping1 protocol icmp Any 255
each time they always show as the below
service-single/protocol(icmp):type(0) code(255)
It doesn't matter which type you select it always comes back with the type as 0
Kind Regards
Best Answer
-
Juan_Nakasone
WatchGuard Representative
Hello Preston,
Thank you for reporting this behavior. I have confirmed that it is a bug in the CLI, and the defect is being tracked as FBX-16050.
The policy-type command is used to create a new custom policy type, but if you only need to create a Ping policy you may use the built-in Ping policy type. That policy type already has ICMP type 8 and code 255.
WG(config/policy)#show policy-type Ping -- -- Service Object <Ping> -- name: Ping idle timeout: 0 second(s) members: (1): service-single/protocol(icmp):type(8) code(255)To create your policy use the rule command and specify Ping as the policy-type. For example:
WG(config/policy)#rule NewPing WG(config/policy/rule-NewPing)#policy-type Ping from alias Any-Trusted to alias Any-External WG(config/policy/rule-NewPing)#apply
Sincerely,
Juan Nakasone | Support Engineer
WatchGuard Technologies, Inc. | www.watchguard.com5
Answers
Thanks Juan, it's good to know it is a bug and I'm not going mad
I am working on a CLi script for a large conversion from another vendor to watchguard and I was trying to add the Ping to the current custom policy template as well as the other TCP and UDP ports, the only way I can see of doing this is to create the policy-type protocol ICMP (0) , (255)
I haven't got as far as the actual rule creation bit, but many thanks for the tip on the policy creation
Kind Regards