Can't ping from NMC CLI when firewall is enabled (AP9630/AP9640)

Pietje · ‎2024-08-20

Hello,

I have AP9630 I using firmware v7.1.6.

I noticed that I can't ping IP addresses from the CLI when the firewall is enabled. You will see the following:

apc>ping 192.168.210.1
Usage: ping -- Configuration Options
ping <IP or DNS Address>

On AP9640 (version v1.5.1.1) cards you will get a timeout like this:

apc>ping 192.168.192.1
Ping request timed out.
Ping request timed out.
Ping request timed out.
Ping request timed out.

When you disabled the firewall then it works. Shouldn't traffic that originate from the NMC be allowed? I also configured an email server to send email notification from the NMC. This work without any problems but I haven't allowed the IP address of my SMTP email server in the firewall rules.

I can ping IP addresses that are in the firewall allow list, with the firewall enabled.

Pietje · ‎2024-08-20

Update. It seems that I also couldn't reach the SMTP server on on this particular NMC card. But I have many more UPS systems where the firewall is enabled and that can send out emails.

Teken · ‎2024-08-20

What is the status of the ping response setting on the AP9630 NMC?!?

Enabled / Disabled??

Pietje · ‎2024-08-20

Its Enabled.

Teken · ‎2024-08-20

Appreciate the quick reply as I just checked a bank of 200 UPS. All running the latest v7.1.6 firmware on AP9630 / AP9631.

All show Ping / SNMP traffic, ping alive, ping average, uptime, and TTL fine.

Pietje · ‎2024-08-20

And you have configured the firewall and also enabled it? And the host that you ping isn't an IP address that is configured in the firewall?

Teken · ‎2024-08-20

To be more specific all security related matters are handled by an external firewall appliance.

I / we do not use the APC embedded firewall service in the NMC.

Pietje · ‎2024-08-20

I also don't have issues when I disable the firewall. But when its enabled (which we want) then I have these problems.

It seems like a bug to me.