Skip to main content
commvault.com commvault.com
Answer

Allow ping on a HSX Cluster

  • May 15, 2025
  • 5 replies
  • 114 views
A
Byte
Forum|alt.badge.img+9

Hi,

 

I want to have my firewall enabled on my HSX cluster but for monitor reasons I want to be able to ping the data protection network. 

Is this possible ? 

Best answer by Rohit Ravi

Hi ​@atitagain,

 

Yes you can enable ping through your firewall 

 

Commands to enable ping are listed below, please make sure you run the below commands on all the nodes

 

#firewall-cmd --permanent --add-icmp-block-inversion

#firewall-cmd --permanent --add-icmp-block=echo-reply

#firewall-cmd --permanent --add-icmp-block=echo-request

#firewall-cmd --reload

 

Regards,

Rohit Ravi

Matthew M. Magbee

5 replies

R
Vaulter
Forum|alt.badge.img+3
  • Rohit RaviVaulter
  • Vaulter
  • Answer
  • May 16, 2025

Hi ​@atitagain,

 

Yes you can enable ping through your firewall 

 

Commands to enable ping are listed below, please make sure you run the below commands on all the nodes

 

#firewall-cmd --permanent --add-icmp-block-inversion

#firewall-cmd --permanent --add-icmp-block=echo-reply

#firewall-cmd --permanent --add-icmp-block=echo-request

#firewall-cmd --reload

 

Regards,

Rohit Ravi

Scott Moseman
L
A
Byte
Forum|alt.badge.img+9
  • atitagain
  • Author
  • Byte
  • May 16, 2025

@Rohit Ravi thanks very much. Perfect answer, copy & paste - job done.

R
Vaulter
Forum|alt.badge.img+3
  • Rohit RaviVaulter
  • Vaulter
  • May 19, 2025

@atitagain  Happy to help!!!

L
Byte
Forum|alt.badge.img+4
  • Lucio
  • Byte
  • August 19, 2025

Hello, 

The Rohit Ravi commands works, but the official documentation is reporting some errors on the commands (missing some “--” before the options):

https://documentation.commvault.com/v11/essential/enabling_firewall_on_hyperscale_x.html

 

# These commands are not working:

firewall-cmd zone=block add-icmp-block-inversion permanent

firewall-cmd zone=block add-icmp-block=echo-reply permanent

firewall-cmd zone=block add-icmp-block=echo-request permanent

firewall-cmd reload
 

# There Rohit Ravi commands are correct:

firewall-cmd --permanent --add-icmp-block-inversion

firewall-cmd --permanent --add-icmp-block=echo-reply

firewall-cmd --permanent --add-icmp-block=echo-request

firewall-cmd --reload

 

Best Regards

Lucio

 

Bronco
Vaulter
Forum|alt.badge.img+3
  • BroncoVaulter
  • Vaulter
  • August 19, 2025

Hello Lucio,

 

You can try the following commands and change in configuration to achieve the same results.

Commands:

 

# firewall-cmd --permanent --zone=block --add-icmp-block-inversion

# firewall-cmd --permanent --zone=block --add-rich-rule='rule protocol value="icmp" accept'

# firewall-cmd --reload

 

or you can add the following 2 lines in block.xml

 

===

<icmp-block-inversion/>
<protocol value="icmp"/>

===

 

Regards,

bronco

Terms & ConditionsCookie settingsAccessibility statement