If you have any 2 modern Sonicwalls the feature “ping” will be disabled by your IPS (Intrusion Protection System) settings on your site-to-site tunnel.

Remember that one side has to be the primary with a default route of 0.0.0.0 and the other one to point to the public IP address of the primary.

To enable ping only without disabling the protection of “low priority attacks” ping can be enabled specifically. This can be done by:

  1. Log into router web interface
  2. Click on “Manage” (for newer models) or “security services”
  3. Click on “Intrusion Prevention”
  4. Find “IPS Policies” heading
  5. Locate ‘ICMP”
  6. Click “Configure” button next to ICMP
  7. Match these settings

I left the “detection” set to on. This way pings are logged but not blocked. If you only want ping to work across the tunnel but not from the internet to the SonicWall you will need to change the “Included IP address range” to the range of the remote location’s RFC1918 subnet.

Leave a Reply

Your email address will not be published. Required fields are marked *