Should I be able to ping Meraki Go GX20 external IP?

Solved
Daryl1
Just browsing

Should I be able to ping Meraki Go GX20 external IP?

Hello,

 

I've set up a Meraki Go GX20 in an office.  The office is a managed office and their firewall is managed by them.  They have assigned me a public IP which I have configured on the WAN interface of the Meraki device.  The port forwarding isn't working but I don't know if that's a problem with the Meraki or a problem with the managed office network.  I cannot ping the Meraki device externally using the public IP.  My question is.. Should I be able to?  As a test, I've created an Allow Any L3 firewall rule to effectively disable the firewall just for testing.  However, there is no option to specifically allow ICMP so I don't know if I should be able to ping the public IP or not.

1 Accepted Solution
Xydocq
A model citizen

It took some time to do some testing and to fix things here, the GX20 is responding to the ping request over the internet. I disconnected everything from the GX20 and the ping went thru, I disconnected the GX20 from the modem/router and the ping failed. So it has to be GX20 responding to the ping request.

 

Did you check the firewall-settings on the laptop? I am not as experienced as you, I spent hours figuring out why I was able to ping printer and such on a different VLAN but no computer connected to it. It turned out to be Windows-firewall to block the requests.

View solution in original post

6 Replies 6
Xydocq
A model citizen

Hello @Daryl1 

 

I am a bit puzzled with what you described.

 

The GX20 sits behind a firewall but gets a public IP? I assume your WAN settings on your GX20 don't have the IP-range of Class A 10.0.0.0 to 10.255.255.255, Class B 172.16.0.0 to 172.31.255.255 or Class C 192.168.0.0 to 192.168.255.255. Those would be considered private IP ranges.

 

Here's an example:

WAN-settings.png

This GX20 sits behind a modem/router set as passthrough, so all incoming traffic is directly send to the GX20. It uses a Class B type address to connect to the modem/router. No firewall rules apply to that type of connection.

 

If it is true, that you get a public IP and no firewall rules apply, you should be able to ping the GX20 over the internet. But some routers are set to NOT respond on ping requests on the WAN-port and others have different rules when to accept a ping.

 

I am able to ping the public IP of that GX20 shown in the example and get a response, even I am not 100% sure the response is from the GX20 because I don't have the tools to figure out what device really responded (ISP-router, GX20 or web-server).

 

Personally I think it is a good thing not to receive a ping over the internet from a router. Unless you run a web-server or something similar on the public IP.

 

Should you be worried ping isn't working? Definitely not. You have other ways to check if the GX20 is online, and should not depend on a ping.

 

Cheers

Daryl1
Just browsing

Hi, thanks for replying.

 

Yes I know it's unusual, but there is no NAT configured on the office firewall.  They're somehow passing the public IP through to me which is why I've put the GX20 there.  I will put my server behind the GX20 eventually but I've put an old laptop behind it for now just to test the inbound access as I need to minimize the downtime when I move the server.  The GX20 is showing up in the Meraki cloud and the laptop behind it is showing up as online.  All outbound access works fine.  However, the port forwarding isn't working on the GX20.  Pinging the external IP also doesn't work which makes me think it's a problem with the office firewall configuration despite their IT people saying nothing is blocked so everything should be allowed to and from the public IP.

 

I understand that not being able to ping can be a good thing but it's a good test to see if the office routing through to my GX20 is working.  The ping isn't working but I don't know if that's a configuring issue with the office firewall or if the GX20 just isn't responding to pings on the WAN interface.  I saw a post somewhere where someone else said their GX20 wasn't responding to pings on the WAN interface, so I wanted to check in case that was the default for all GX20's.

 

Thanks,

Daryl

Xydocq
A model citizen

You say the port-forwarding on your GX20 isn't working. What makes you believe it isn't working?

 

I know, currently you can have problems setting it up on web.meraki-go.com, when I pick a device from the list the screen turns green and gets stuck. But entering the IP address of the device manually works fine. The android app seems to be working too.

 

I have a couple of port-forwarding rules on my GX20 and they all work fine.

Daryl1
Just browsing

I had the same problem with the green screen but as you say it works fine by IP.  The iPhone app also gets stuck when selecting a device but it works when entering the IP.  So I have the port forwarding rules configured but I'm unable to access the ports externally.  So the problem is either with my GX20 configuration which is unlikely as I've worked in IT for 25 years and have a decent amount of firewall/routing experience, or it's a problem with the office firewall configuration (or some other upstream issue).  Although I've never used Meraki before, it's a simple port forwarding configuration.

 

I can't access the laptop externally through the port forwarding and I can't ping the public IP configured on the WAN interface of the GX20 which makes me believe it's an upstream issue.  I'm in discussion with the managed office IT team about it, but after seeing someone else post that they're unable to ping their WAN interface IP I just wanted to check that I should be able to.  ie.. check that the GX20 should respond to pings as their is no specific option to allow ICMP on the GX20.

Xydocq
A model citizen

It took some time to do some testing and to fix things here, the GX20 is responding to the ping request over the internet. I disconnected everything from the GX20 and the ping went thru, I disconnected the GX20 from the modem/router and the ping failed. So it has to be GX20 responding to the ping request.

 

Did you check the firewall-settings on the laptop? I am not as experienced as you, I spent hours figuring out why I was able to ping printer and such on a different VLAN but no computer connected to it. It turned out to be Windows-firewall to block the requests.

Daryl1
Just browsing

Thank you for testing.  That's very kind of you.

 

I did check the firewall on the laptop, in fact I disabled it.

 

So it does look like an upstream issue as the ping isn't working either.  I'll accept your solution.  

 

Thanks again for your help.

Get notified when there are additional replies to this discussion.