Use the USG firewall ping command.


The USG2000 & 5000 & 6000 ping command is interpreted and used as follows:

The ping (Packet Internet Groper) command is the most common debugging tool for detecting network device accessibility. It uses the echo information of ICMP (ICMP6 for IPv6) to determine:
1. Whether the remote device is available.
2. The round-trip delay of communication with the remote host.
Packet (packet) of the loss of the situation.

The ping command is mainly used to check whether the network connection and the host are reachable. E.g:
Check whether the host with IP address is reachable.
Ping 56 data bytes, press CTRL_C to break
Reply from bytes = 56 sequence = 1 ttl = 255 time = 1ms
Reply from bytes = 56 sequence = 2 ttl = 255 time = 2ms
Reply from bytes = 56 sequence = 3 ttl = 255 time = 1ms
Reply from bytes = 56 sequence = 4 ttl = 255 time = 3ms
Reply from bytes = 56 sequence = 5 ttl = 255 time = 2ms
- ping statistics--
5 passengers transmitted
5 packets received
0% packet loss
Round-trip min / avg / max = 1/2/3 ms

Other related questions:
Method used to view historical commands on USG firewalls
The method used to view historical commands on USG firewalls is as follows: 1. Run the display history-command command to view 10 historical commands. 2. In the diagnosis view, run the display history-command all-users command to view 200 historical commands and the corresponding execution time.

How does the USG firewall use the tracert command?
USG2000 & 5000 & 6000 Use the tracert command as follows: Run the tracert command on the client to detect where the network has failed. E.g: The following is an example of applying tracert to analyze the network. Tracert Traceroute to (, 30 hops max, 56 byte packet 1 19 ms 19 ms 0 ms 2 39 ms 39 ms 19 ms 3 39 ms 40 ms 39 ms 4 39 ms 39 ms 39 ms 5 40 ms 59 ms 59 ms 6 59 ms 59 ms 59 ms 7 99 ms 99 ms 80 ms 8 139 ms 239 ms 319 ms 9 220 ms 199 ms 199 ms 10 239 ms 239 ms 239 ms From the above results can be seen from the source to reach the destination through the gateway IP address. If the middle of a gateway timeout, it will return "***" information, according to this information to locate the location of the failure.

Commands used to release the IP lease of DHCP on USG firewalls
You can run the following commands to release the IP lease of DHCP on USG firewalls: The specific lease duration is configurable. To release the lease, you can configure the lease period to limitless. The configuration is as follows: [sysname] interface GigabitEthernet0/0/1 [sysname-GigabitEthernet0/0/1] ip address [sysname-GigabitEthernet0/0/1] dhcp server expired unlimited

Method used to view the sequence number on USG firewalls
The sequence numbers of the USG2000, USG5000, and USG6000 are classified into the following types: -Equipment sequence number (ESN) -Component sequence number, indicating the sequence number of each component, including the board sequence number, interface subboard sequence number, optical module sequence number, and power module sequence number For the USG2000 and USG5000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx Alternatively, run the following command: display license Device ESN is: 210235XXXXXXXXXXX //Check the ESN. The file activated is : hda1:/license.dat The time when activated is : 2010/08/31 11:23:45 2. Check the ESN of each slot. display elabel [Board Properties] BoardType=SU2Z23UHT BarCode=210235G425Z0A80000xx //Device ESN Item=0235G425 Description=Secospace USG5100,SU2Z23UHT,USG5150BSR Host,with HS General Security Platform Software Manufactured=2010-08-21 VendorName=HuaweiSymantec [Slot_1] /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=SU11FSHLB BarCode=02G194D0A40000xx //ESN of the board in slot 1 Item=0302G194 Description=SRG20,SU11FSHLB,2 Channel G.shdsl Interface Board,3*1 For the USG6000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx 2. Check the ESN of all slots of the NGFW. display esn License ESN: 2102359833Z0C80000xx Slot # Type S/N P/N - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 SUAZ83UAH 210235G7G70123401230 0235G7G7 2 SUE3E8GF 02G3AC10D5000007 0302G3AC 4 SUE3E4BY 02G3A710D6000007 0302G3A7 8 SUA2E2XSF 02G3C710D6000028 0302G3C7 9 PWR 2102310GQVP0D3000081 02310GQV 10 PWR 2102310GQVP0D3000085 02310GQV 11 RPU 2102359833Z0C800000A 02359833 13 FAN 210212090410D6000034 02120904

Method used to configure the authorized ARP on USG firewalls
After the Authorized Address Resolution Protocol (authorized ARP) is enabled, the DHCP server automatically adds an ARP entry that contains the MAC address and IP address of the client to the ARP mapping table when successfully allocating an IP address to the client. In this way, the attacks to the network by forging IP addresses or MAC addresses of other legal DHCP clients are prevented, and the network security is improved. The authorized ARP is valid only on devices that enable the DHCP server function. The authorized ARP is only applicable to the networking on which the DHCP server and DHCP client are in the same network segment instead of the DCHP relay networking. To enable the authorized ARP, run the dhcp arpbind enable command in the system view. By default, the authorized ARP is not enabled on the device.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top