I am setting up TMG as preparatory for what will be a remote office firewall and site-to-site VPN to main office. Specs: TMG 2010 SP2, Server 2008 R2, IBM x3550, LAN NIC for internal traffic, and WAN NIC for external. WAN NIC is configured with ISP IP, GW, SNM and DNS.
I want to verify that the WAN NIC replies to PINGs in advance of setting up s-2-s VPN. I have the Default Rule, and I have added a PING rule with:
Access rule Name: Ping
Action: Allow
Protocol: PING
Access Rule Source: All Networks (and Local Host)
Access Rule Destination: All Networks (and Local Host)
User sets: All Users
Firewall Policy looks like this:
Order   Name           Action   Protocols     From/Listener                   ....
1       Ping           Allow    PING          All Networks (and Local Host)   ....
Last    Default rule   Deny     All Traffic   All Networks (and Local Host)
When I start the server, I will receive PING responses from both internal and external computers for about 5 minutes, and then PING requests are denied. Logging within TMG reveals the Default Rule is blocking the PING.
PING is not part of our long-term plan -- it is just what we thought would be an initial verification of the TMG setup. Why would the Default Rule supersede the PING Rule that is above it? Thanks in advance for your help!
- Edited by gStorm Monday, January 30, 2012 7:13 PM