By default the WAN Public Firewall policy only allows HTTPS and SSH connections into the 7100. See image below for navigation help in the menu. If you want to allow ping on the WAN interface, you will need to modify the Public Security Zone and then the Admin Access access list. You can then select the access types you want to apply to your WAN public interface. Make sure you save by clicking the apply button. Be careful on what you select, the more options you enable the more susceptible you will make your unit to getting hacked into.
Let me know if you need any further help.
I think there is a bit of a communication failure.
If I set a static on the Netvanta and the gateway I can't ping out to the gateway or get anywhere.
I am not able to ping back to the Netvanta but that is network related I have Ping check on that policy.
how about some more details.
I assume you are referring to the Eth 0/0 WAN port on the back of the 7100 with the static IP.
What is the Eth 0/0 port connected to? Explain the connection path from the Eth 0/0 to the internet, all devices that you know about at your location. ISP router, modem, etc...
Where are pinging from? A PC behind the 7100 or from the 7100 CLI?
View your route table and what is first entry in your route table?
Verify that your subnet mask on Eth 0/0 is the correct.
What all do you have in your Public Access Policy.
-I am referring to the Eth 0/0 Wan port on the back
- Eth 0/0 is connected to a Comtrend CT-5374 VDSL modem that is connect on a VLAN through a Calix E5-121 VDSL box back to a Juniper ERX in the CO office that is working as the Default gateway.
- Pinging from the 7100 itself
- 0.0.0.0 0.0.0.0 X.X.50.1 1 Static
- Subnet mask is correct
- Admin access with HTTPs and SSH; a port forward for RDP (it works on when the box is set to DHCP)
Thanks for all the help
Message was edited by: matt - removed sensitive information
This is odd. Can you put the IP address info that you have assigned to the 0/0 interface.
For testing purpose, can you enable Ping in your Admin access in the Public access policy.
I am able to ping your gateway from my PC just fine. So that is good.
Here is a test you could do. It will take unit down. Take a PC or some device that you can ping from and hook it up to the eth 0/0 WAN interface. Eth 0/0 should be MDI/MDIX so you can use straight through Eth cable. Just assign the PC or device the IP address of your gateway and see if the 7100 can ping that device. If that works then we know the 7100 can ping out 0/0.
Next is to then take a PC and assign it the IP address of the 7100 0/0 port with same subnet and hook up to your VDSL modem and see if you can ping the gateway and if the gateway can ping you.
Let me know results.
Just following up to see if you fixed the problem. If so could you post an update with solution.
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.