Remote monitoring of router connectivity
Remote monitoring of router connectivity
I'd like to monitor my router connectivity so I get alerted if the home internet connection goes down/offline for some reason. Have an ER605, 2 switches and 3 EAPs. All fully adopted and maanged by a locally installed OC200.
Ideally would like to use something like UptimeRobot
I want to only enable certain public IP addresses to Ping my WAN IP and get a response, anything else should get get dropped (as though pings are ignored).
However, even when I disable the "block Ping from WAN" and add a couple of Gateway ACL entries to only permit certain hosts for UptimeRobot for ICMP and then a following rule to Deny all others, I seem to receive Pings from other addresses as well (testing via the Central Ops website)
Any suggestions from anybody who has got this to work?
So we're clear, I want to achieve:
1. A perfect stealth report from the ShieldsUP test at www.grc.com
2. Allow PINGS to come from specified IP addresses only.
Has anybody been able to make this work running their ER605 under an Omada controller (rather than amending firewall settings on an unadopted unit via it's local web GUI)?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
TakeshiKovacs wrote
Thanks, please let me know what their feedback is and whether a ticket can be logged for this.
OK.
Two rules, the same as before. But the destination is slightly different.
#1 Deny, WAN IN, SRC ANY IP, DST GW management page.
#2 Allow, WAN IN, SRC desired one, DST GW management page.
- Copy Link
- Report Inappropriate Content
@Clive_A
So the good news is using the Gateway Management as the DST works. The way to do it is as follows:
First comes the PERMIT rule which is the highly selective one based on source of the monitoring websites I'm enabling.
Then comes the DENY which then blocks anything that the preceding rule didn't match with/allow.
This then works as expected. I now have my connection externally monitored and pings from random other addresses are ignored so for example I still get a perfect result from the ShieldsUP tests at GRC dot com.
Highly recommend you update your customer knowledgebase articles to document this properly.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
TakeshiKovacs wrote
@Clive_A
So the good news is using the Gateway Management as the DST works. The way to do it is as follows:
First comes the PERMIT rule which is the highly selective one based on source of the monitoring websites I'm enabling.
Then comes the DENY which then blocks anything that the preceding rule didn't match with/allow.
This then works as expected. I now have my connection externally monitored and pings from random other addresses are ignored so for example I still get a perfect result from the ShieldsUP tests at GRC dot com.
Highly recommend you update your customer knowledgebase articles to document this properly.
Very good to know that you have resolved that.
Will write a report to the related team about this.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 868
Replies: 14
Voters 0
No one has voted for it yet.