We just installed an SA520W to use as a FW/Router with our new Metro Ethernet Internet connection. Our provider "demands" that we allow ICMP-ECHO (type8), ICMP-ECHO-REPLY (type0) and ICMP-TRACEROUTE (type30) to facilitate their monitoring of our service.
They have given me Source IP ranges for the hosts that would be pinging us.
I'm a newbie to firewalls and configs. Is there anyway to allow the service provider to 'ping' our router from the pre-determined range of source IPs? When I try to set up a rule for this, the rule wants an internal IP address under destination NAT settings...I have no idea what that would be.
Do I uncheck the "Block Ping to WAN Interface"? That would allow anyone/anything to ping me, right? Is that safe to do?
Thanks for your advice.