RESET Forums (homeservershow.com)
Poppapete

Internet Access ?


oj88

Does the Sophos respond to ICMP pings on the LAN interface from say a PC?

Poppapete

Does the Sophos respond to ICMP pings on the LAN interface from say a PC?

I cannot ping Sophos from my desktop!

Sophos probably only allows pinging some ports!

EDIT:

BINGO - oj88

I changed the Sophos settings to allow ICMP on and thru Gateway and problem solved.

Turns out my Sony BD Player pings the Gateway and if there is no response assumes no internet and stops there.

Now to see if I can allow the ping only on that device!

Thank you for all the advice and help.

oj88

Just spitballing, but it could be that the Sony checks first if the gateway is reachable before it actually uses it. Being unable to receive any response from it makes it believe that the gateway is unavailable.

Try to set up Sophos to respond to ICMP ping on the LAN side to test this theory.

Drashna Jaelre

... that's pretty... odd. Well, glad it was a simple issue!

As for allowing the ping, yes, you should be able to do that.

Create a definition (host) for the Sony device.

Then create a rule in the firewall section. Set the source to be the Sony device, and the destination to be the "Internal (Address)", and use the "ping" service.

This may fix the issue.

That or just allow the gateway ping in the ICMP section (is there a reason you don't want to?)

oj88

Yeah, I would just allow ICMP on the LAN interface. Not much danger if you know every device that is on the LAN. Especially if you already have a separate network for guests.

ikon

Yeah, allowing PING only inside the LAN should be fine. While it is a bit unusual that the BD player does a PING check before trying to connect to the Internet, Sony isn't technically wrong. Yes, allowing ICMP has turned out to be a security risk but, strictly speaking, the Internet standards specify (or at least they did — I haven't checked in quite a while) that ICMP has to be enabled in order for a device to be compliant with the standards. It's a bit of a conundrum. Sony figured they should be safe (according to standards) by using PING but no one today leaves ICMP enabled, at least not on the WAN side.

Poppapete

Adding a firewall rule to allow internal ping for the BD player worked. The ASUS router must allow pings by default. Must be a reason the player pings the Gateway before it allows internet connection. I have 3 Sony Bravia TVs about the same vintage and they don't!!!

ikon

To be honest, Sophos is the only firewall I've ever encountered that disables ICMP internally. These days, almost all of them disable it externally, but not internally.

Poppapete

I found that thread after I had worked out my problem. He has discovered the obvious that you must have the pings disabled globally to allow an individual ping rule.

I allowed all pinging internally globally and found it solved my problem, then I disallowed pinging internally globally and added an individual rule for the device. As Ikon states there is no problem in allowing the ping internally but I just like the idea of playing with Sophos and setting up all the options. It has taken me months just to become a novice with Sophos but I just love the interface and the options.

I can go to sleep at night knowing my family are safe behind their UTM firewall :rolleyes:
