The PC can ping the firewall, but the firewall cannot ping the PC.

Created: Aug 16, 2019 09:46:58 | Latest reply: Mar 29, 2021 17:07:03
  Rewarded HiCoins: 0 (problem resolved)

Hello everyone,

I have upgraded my eNSP recently. When I was doing an experiment, I found that the PC can ping the firewall, but the firewall cannot ping the PC.

This never happened before; it's so strange. I have configured the service-manage command under the interface.

Please help me! Thank you!


Featured Answers

Best answer

Recommended answer

Popeye_Wang
Admin Created Aug 16, 2019 09:54:28

Hi @Sprout!


I think I know what the problem is.


The priority of the service-manage function is higher than that of the security policy. Only when the service-manage function is enabled on the inbound interface can the device be accessed via the corresponding interface. 


However, firewall V1 and V5 have different mechanisms in different versions. In V1, only the service-manage ping enable command needs to be enabled on the interface to implement the ping function between the device and the peer end. The interzone policy between the local and trust zone doesn’t need to be set to permit.

But for V5R1 firewalls, the service-manage command can only allow packets to enter the device so that the device can be pinged. The packets initiated by the device are controlled by the interzone policy, so only after the interzone policy has been set to permit can the device ping other devices.


The firewall image in the newest eNSP is the V5 version. So you also need to configure the security policies.

Unicef
Unicef Created Jun 14, 2020 12:52:14 (0) (0)
VERY GOOD  
All Answers

Could anybody explain how to PERMIT ping packets from the USG to a directly connected device, in a situation when the port is already in the TRUST zone?
The issue is that the PC can ping the firewall, but the firewall can't ping the PC,
and the only solution is to set the default action of the security-policy to PERMIT ...
Does anyone have a better solution for how to let the firewall ping the PC without permitting everything?
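An added example, not part of the original thread or of Huawei's documentation: a security policy that lets the firewall itself (local zone) send ICMP to hosts in the trust zone, shown beside the permit-all default action mentioned in the question above. The syntax assumes the USG6000V (V500) image shipped with recent eNSP; the rule name local_ping_out and the subnet 192.168.1.0/24 are constructed placeholders.

```text
# Weak workaround from the question above: every flow that matches no rule
# is allowed, in all directions and for all services.
security-policy
 default action permit
#
# Narrower alternative: keep the default deny and add a single rule for
# traffic that the firewall itself originates (source zone "local").
security-policy
 default action deny
 rule name local_ping_out
  # hypothetical rule name
  source-zone local
  destination-zone trust
  # constructed subnet of the directly connected PC; adjust to the lab topology
  destination-address 192.168.1.0 24
  service icmp
  action permit
#
# Inbound pings to the firewall are still governed by service-manage on the
# interface, as the featured answer explains; this rule only covers pings
# initiated by the firewall.
#
# Check from the user view that the rule exists and is being hit after a ping:
#   display security-policy rule all
```

If the PC still does not answer, check the PC's own host firewall, since the policy above only controls what the USG is allowed to send.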

Thank you!

Great idea

Nice

Thanks

For sharing

Nice