Default WG Ping Policy - small change unexpected results

I'm setting up a new T85 with the latest firmware 12.9.3, I'm troubleshooting
voip calling issues. The Sip provider said we need to allow pings from two
ip addresses, and if possible extended the "keep alive" sessions to at least two
minutes. I'm not sure where this keepalive policy is located, is this adjustable?

Also I inserted the two ip's (64. addresses) in the From Field in the default
WG Ping policy and now it seems to respond to pings from my Cellular enabled
laptop which is coming from a 172 public address.

I restored my "failsafe" config (I always backup before I make changes), updated
the WG but it still responds to a wan ip, which before today it rejected them. I used WSM, but I logged directly into the Firebox and the Ping Policy is where it should be, the 64 addresses removed, the defaults from Any Trusted to Any Optional to Any are there. How can I resolve this? I can post the public ip but I'm not sure is this safe to do on this forum?


  • Well, this is odd, I had to give it 30 minutes and the WG stopped responding, so evidently there's some processing times needed when I restored the default config. I then re-entered the 64 addresses and now my cellular hotspot now gets a "Request Timed out." And, it responds to the Voip Sip Provider's IP address.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @RB2023 I'd suggest making a case if the policies you're creating aren't being honored. Without any logs or the ability to see your config, it's difficult to give you any kind of answer. Creating a support case allows you to share your logs and config via the case which is secure, vice the public forums.

    You can create a case by clicking on the support center button at the top right of this page.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.