Skip to main content

Hey-o Community!

 

Was recently using the Netskope Performance t/s tool for Windows and I noticed that part of the testing that takes place appears to be ping attempts to a POP gateway, however if ICMP is inherently not allowed to POP’s then why is this even part of the testing? Unless someone knows if “No-Pinging” is just something an organization can choose to NOT have while others do? Looking to get clarity to also understand just how useful this tool actually is. 

 

@cubiaz55

ICMP should not be blocked at the gateways.  If you’re observing this behavior we need to determine why (something in your path blocking ICMP, packet loss, etc).  


Hi ​@cubiaz55 ,

Good day !!

ICMP traffic is not being blocked on the gateway side. However, if you're using the "All Traffic" steering configuration and have the CFW (Cloud Firewall) license enabled on your Netskope tenant, then you will need to explicitly allow or bypass ICMP traffic within Netskope.

I recall working on a similar issue where a performance script was failing due to ping (ICMP) being blocked. In that case, I created a custom CFW application for ICMP and added it to the real-time protection policy, which resolved the issue.

Alternatively, you can choose to bypass ICMP traffic entirely if that better suits your requirements.

Please go through the below article it will help to clear all the douts regarding ICMP traffic 

https://community.netskope.com/cloud-firewall-79/how-to-bypass-icmp-traffic-to-a-specific-ip-with-cloud-firewall-6261


Reply