When I try to ping my public IP, I don’t get a response. My router is a Unifi Cloud Gateway Ultra. How do I make it so that it responds to ping requests?
To enable your Unifi Cloud Gateway Ultra to respond to ping requests on its public IP address, you’ll need to allow ICMP (Internet Control Message Protocol) traffic through the firewall. Here’s how you can do that:
First, access your Unifi Network Controller, either locally or through the Unifi Cloud portal. Once logged in, navigate to the Settings section of the controller dashboard. Under Settings, look for Security or Routing & Firewall.
Next, you’ll need to create a new firewall rule. In the Firewall section, go to the WAN IN section to create a rule that allows incoming traffic from the internet. Click on Create New Rule and configure it as follows: Give the rule a descriptive name, such as “Allow ICMP (Ping) Requests.” Set the action to Accept, choose ICMP as the protocol, and set the source to Any if you want to allow pings from any external source, or specify a particular IP range if necessary. The destination should be set to Your Public IP, and you can leave the port field blank, as ICMP does not use ports.
After configuring the rule, click Apply Changes or Save and ensure the rule is enabled. Once the rule is applied, try pinging your public IP address from an external network, such as using your mobile data. You should now receive a response.
It’s important to note that allowing ICMP traffic to your public IP can expose your network to potential probing by attackers. If you don’t have a specific need for this, it’s generally recommended to keep ICMP responses disabled. If you need to enable it temporarily for troubleshooting, remember to disable it afterward.
4 Likes
This response is nothing but straight factual information.
PLEASE DO NOT ENABLE WAN PING ON THAT INTERFACE
True that you generally do not want to, however, sometimes there is a legitimate reason to do so and it is up to the person who owns the equipment and what they are trying to do whether they want to enable such things or not and open themselves to higher risk because of it. Shadowbane addressed this in his post here with this:
1 Like
Maybe I should have asked @felix920506 why he was trying to ping their public IP address, in other words, what his ultimate goal was. I could have clarified that allowing ICMP packets on your Wan interface is very dangerous. Allowing ICMP packets is the last thing you want to do.
That’s a good way to break PPPoE (for example), some types can be a good idea to block and use rate limiting for the rest.
I wanted to enable it mainly for troubleshooting purposes, as when I made the post I was having problems connecting to my home server and wanted to check if something was preventing me from reaching my public IP
A restricted ICMP Echo is necessary if you are configuring a tunnel service like he. Net’s tunnelbroker.
Welcome to the community also no it’s not.