Thursday, July 15, 2021

(SonicWALL) Pinging WAN interface from LAN. Help understand why this solution works? (x-post from r/sonicwall)

I know by default/design, pinging one interface IP from behind another interface is not allowed. I was able to get this working by following the instructions in this support article: https://www.sonicwall.com/support/knowledge-base/ping-or-access-the-interface-ip-using-a-host-connected-to-another-interface/170505874136212/

I don't really understand why this works though and I'm hoping someone can help me understand. The NAT rule described in the article translates the original destination (X1 - WAN) to X0 instead. To me, this seems like it sees the destination of the X1 interface and sends the traffic to the X1 interface instead, in effect pinging the LAN interface instead of the desired WAN interface.

However, packet monitor does show echo replies being generated from the X1 WAN IP.

Can someone please help clarify what is happening here?


