Jump to content

allow ping accross all trusted zones


haco

Recommended Posts

Hello, 

long time eset enpoint user and first time forum poster here.

 

In the RAC policy editor, we have added all our company networks as zones (and checked the mark to add them to the trusted zone).

The main goal for this is to make sure the client does not have to add their company network to the trusted zone each time (via the allow sharing dialog).

This works perfectly so far.

 

The second goal is to allow some services to work between our networks without hassle. (They are all connected with company-wide vpn)

 

More specifically, I would like to be able to ping to my clients on other sites.

This does not work unless I temporary disable the eset firewall.

 

In the firewall rules, the standard rule "Allow icmp communication in the trusted zone" is present.

So, this should work right, considering that all my company networks are added to the zones, and they in their turn are checked to be in the trusted zone?

 

To get around this problem, I tried to add a new rule to allow icmp traffic in the zones I created myself, but I am only able to select "Trusted zone","Addresses excluded from IDS", "Addresses notified about unavailability of TCP/UDP ports", "Addresses excluded from protocol filtering", "DNS servers" and "Local Addresses" as zone selection at the remote side.

 

Any help to as what I am doing wrong?

Link to post
Share on other sites

Hello haco,

 

Below is a link with the settings you need. The main issue with the rules you are creating is that there are block rules built in to ESET that are above the ones you are creating. The instructions in the link will show you how to disable them.

 

 

https://kb.eset.com/esetkb/index?page=content&id=soln2233

Link to post
Share on other sites

I too am try to setup Endpoint Security to allow pings across our network. I have followed the setup provided in the link above but I still can't get it to work.

Any other ideas?

Link to post
Share on other sites
  • Administrators

I too am try to setup Endpoint Security to allow pings across our network. I have followed the setup provided in the link above but I still can't get it to work.

Any other ideas?

 

Most likely the computer on which you run the ping command is not included in the trusted zone on the remote computer. Check the trusted zone settings and make sure the given IP address / subnet is included.

Link to post
Share on other sites

Thanks for the help,

 

for the ping, I see the rule that gets hit is apply icmp filter, but can't find that rule in my rules list.

 

for the other things (netdom renamecomputer for example)

I unchecked the necessary default rules, so they don't get hit anymore(block netbios name service requests, blok incoming netbios requests),

but it still doesn't work, so I guess that there is still something else.

I have created a rule that specifically allows thes ports on trusted zone and the zone I created for my remote site, and still no luck.

Maybe these zones are not interpreted correctly?

Link to post
Share on other sites

So, from my tests with it, I get this.

 

If you create zones with authentication on it,

and you add those as parameters to your policies, it doesn't work.

 

If you add the subnet of that zone to your policy, it works.

 

Or you can add those subnets to your trusted zone as an alternative.

 

Am I right or missing something here?

Link to post
Share on other sites
  • Administrators

"Allow ICMP communication in the Trusted zone" rule is enabled by default which means you should be able to ping the computer from other computers in the Trusted zone.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...