Friday, February 01, 2013 3:37 PM
I am new to TMG and just inherited the management of it. Currently our gateway of 10.0.0.10 is the TMG server. I gather that other clients on my network should be able to ping that address however those pings time out. Also, from the TMG server I am unable to ping outside networks such as www.google.com The IP address resolves but the requests time out. We have no trouble accessing other sites on the web, we would just like to have the ping functionality for troubleshooting and testing purposes.
Friday, February 01, 2013 5:58 PM
that is the default behavior. You can allow ICMP if you change the system rules.For this:
- Start the TMG console
- Click on Firewall Policy
- Click on Tasks on the right-hand side and select Edit System Policy
- Click ICMP (Ping) under Remote Management and "Enable this configuration group". Go to the From tab and add your internal network
- Click ICMP under Diagnostic Services and "Enable this configuration group". Go to the To tab and add "All networks (and Local Host)".
- Apply the new configuration and give TMG a few minutes to activate it.
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, March 11, 2013 5:47 AM
Tuesday, February 05, 2013 7:23 PMThanks for the reply Lutz. I did make the changes as requested above but I am still unable to ping outside sites.
Wednesday, February 06, 2013 2:02 AM
can you verify if ICMP is blocked on your Internet router?
Wednesday, February 06, 2013 9:55 AMGood Morning!
Can you create in Access Rule!
Name: ICMP (PING)
Protocols: ICMP (PING)
User: All User
Wednesday, February 06, 2013 2:28 PMDo you mean such as on my Cisco ASA. If so it is allowed there the best I can tell.
Wednesday, February 06, 2013 2:29 PMThanks Douglas, that did not fix anything either.
Wednesday, February 06, 2013 6:00 PM
is the ping not working from the TMG server itself or from all your internal machines?
Thanks for checking ICMP on the ASA.
Wednesday, February 06, 2013 7:12 PM
I cannot ping outside of our network from the TMG server or any machine on our network. Such as ping www.google.com does not work.
I can however ping other internal devices on our network from the TMG server and other machines.
Wednesday, February 06, 2013 9:30 PM
If you run a ping from a internal machine to www.google.com what do you see in TMG under Logs & Reports. It should tell you which rule is blocking the ICMP.
If you dont see it there then you should double-check the ASA and any other device between your TMG and the Internet.
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Thursday, February 07, 2013 6:26 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Thursday, February 14, 2013 3:05 AM
Wednesday, February 06, 2013 10:24 PM
I have nothing listed under logs and reports. Filter is set to filter by log record type, condition equals, value firewall or web proxy filter.
Log time Live
Wednesday, February 06, 2013 10:36 PMSo then the chances are high that this is not a TMG issue. What do you see in the ASA log, is the ASA rejcting/dropping the ICMP packages?
Thursday, February 07, 2013 6:33 AMModerator
Thank you for the post.
It seems like the traffic does not reach your TMG server, a network capure will help you understand the process.
Nick Gu - MSFT
- Edited by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Thursday, February 07, 2013 6:34 AM