ping to 8.8.8.8 denied, should not be
I have a Watchguard T20 firewall, 12.11.6 (Build 728370) (Latest Release). It's blocking pings to 8.8.8.8 and I'm not sure why.
From traffic monitor, I have the following entry showing that ping to 8.8.8.8 is denied:
2026-01-23 10:50:03 Deny 192.168.1.7 8.8.8.8 echo-request/icmp Trusted SHAW blocked sites 40 63 (Ping-00) proc_id="firewall" rc="101" msg_id="3000-0173" duration="0" sent_bytes="40" rcvd_bytes="0" type="8"
In Firewall -> firewall policies -> Ping:
(no changes, factory default policy)
Enable: checked
From: Any-Trusted, Any-Optional
To: Any
In Firewall -> blocked sites, there are no blocked sites.
In Firewall -> blocked sites exceptions, I added 8.8.8.8, still blocked.
In System status -> diagnostics, ping 8.8.8.8, result is "ping: sendmsg: Operation not permitted"
In System status -> diagnostics, ping 8.8.4.4, result is "64 bytes from 8.8.4.4: icmp_seq=1 ttl=120 time=29.2 ms"
From desktop computer, ping 8.8.8.8, no response.
From desktop computer, ping 8.8.4.4, good response.
What would cause this and how do I fix it?
To add to above, all traffic to 8.8.8.8 is being blocked:
2026-01-23 11:01:03 Deny 192.168.1.141 8.8.8.8 dns/udp 53457 53 Trusted SHAW blocked sites 60 127 (DNS-00) proc_id="firewall" rc="101" msg_id="3000-0173" duration="0" sent_bytes="60" rcvd_bytes="0"
2026-01-23 11:11:03 Deny 192.168.1.128 8.8.8.8 https/tcp 57947 443 Trusted SHAW blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 482552011 win 61690" duration="0" sent_bytes="52" rcvd_bytes="0"
Comments
Check your temp blocked sites list.
Web UI: System Status -> Blocked Sites
Firebox System Manager: Blocked Sites tab
If it is on the temp blocked sites list, then it is caused by a previous deny, which should be in your firewall logs if you keep daily ones.
Thank you. I didn't realize that blocked site list existed. It was blocked with "port scan attack".
It may not hurt to put 8.8.8.8 on the blocked sites exception list. Google doesn't generally run port scans from their IP ranges, so the source IP was likely spoofed in that port scan.
See:
(Create Blocked Sites Exceptions)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/intrusionprevention/blocked_sites_create_exceptions_c.html
-James Carson
WatchGuard Customer Support
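
The pattern that gave this away in the logs, as an added example that is not part of the original thread: one destination denied with the reason "blocked sites" under several unrelated policies points at the Blocked Sites list (including temporary entries) rather than at any single policy. The field layout is inferred only from the three log lines quoted above, the function names are hypothetical, and the fourth sample line is constructed.

```python
import re
from collections import defaultdict

# Layout inferred only from the log lines quoted in the thread (an assumption,
# not a documented format): timestamp, disposition, src, dst, service,
# optional ports, interfaces, reason text, two numbers, (policy), key="value".
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<disp>\w+) (?P<src>\S+) (?P<dst>\S+) (?P<svc>\S+)'
    r'(?: (?P<sport>\d+) (?P<dport>\d+))?'  # ports are absent on the ICMP line
    r' (?P<in_if>\S+) (?P<out_if>\S+) (?P<reason>.*?)'
    r' \d+ \d+ \((?P<policy>[^)]+)\)'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(KV_RE.findall(line[m.end():]))  # trailing key="value" pairs
    return rec

def blocked_site_denies(lines):
    """Group 'blocked sites' denies by destination IP."""
    hits = defaultdict(lambda: {"policies": set(), "sources": set()})
    for line in lines:
        rec = parse_line(line)
        if rec and rec["disp"] == "Deny" and rec["reason"] == "blocked sites":
            hits[rec["dst"]]["policies"].add(rec["policy"])
            hits[rec["dst"]]["sources"].add(rec["src"])
    return dict(hits)

SAMPLE = [  # first three lines are from the thread; the last is constructed
    '2026-01-23 10:50:03 Deny 192.168.1.7 8.8.8.8 echo-request/icmp Trusted SHAW blocked sites 40 63 (Ping-00) proc_id="firewall" rc="101" msg_id="3000-0173" duration="0" sent_bytes="40" rcvd_bytes="0" type="8"',
    '2026-01-23 11:01:03 Deny 192.168.1.141 8.8.8.8 dns/udp 53457 53 Trusted SHAW blocked sites 60 127 (DNS-00) proc_id="firewall" rc="101" msg_id="3000-0173" duration="0" sent_bytes="60" rcvd_bytes="0"',
    '2026-01-23 11:11:03 Deny 192.168.1.128 8.8.8.8 https/tcp 57947 443 Trusted SHAW blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 482552011 win 61690" duration="0" sent_bytes="52" rcvd_bytes="0"',
    '2026-01-23 11:12:00 Deny 192.168.1.7 203.0.113.9 dns/udp 50000 53 Trusted SHAW example-other-reason 60 127 (DNS-00) proc_id="firewall"',
]

if __name__ == "__main__":
    for dst, info in blocked_site_denies(SAMPLE).items():
        # Several policies denying one destination for this reason points at
        # the Blocked Sites list (including temporary entries), not at a policy.
        print(dst, sorted(info["policies"]), sorted(info["sources"]))
```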