Set an Internet Local firewall rule on your UDM-Pro (or similar UniFi device) to be able to ping your IP from outside of your network.
I recently signed up with a new broadband provider (Cuckoo Broadband - review on the way) with one of the benefits being support for multiple static IPs–see my last post on configuring these on the UniFi Dream Machine Pro:
Once I had these setup, I wanted to be able to ping these over the internet, firstly to test they were all working, and secondly so I could continually ping what I was going to use as the 'main' internet IP with a Broadband Quality Monitor (@ thinkbroadband.com).
Any, instead of being a specific IP.
The layout of the firewall pages and panes has changed a bit over the years, with there now being greater control over the source and destination (or in the case of pings, using
Internet Local to designate that the destination is the UDM-Pro itself).
InternetContains IPv4 firewall rules that apply to the Internet network.
LocalApplies to traffic that is destined for the UDM/USG itself.
From the main page of your UDM-Pro (or other compatible UniFi device/cloud-key) go to Settings -> Firewall & Security ->Create New Rule:
Internet Local and enter a descriptive name for the rule (no really, you'll thank yourself in future). Leave the default of
Before Predefined Rules unless you have a specific reason to change it. You obviously want the action to be
IPv4 Protocol to
ICMP, and the
IPv4 ICMP Type Name to
You can leave the source as
Any unless you know the specific address you want to be testing from. If you have a cloud server setup to monitor devices, you could set the
Source Type to
IP Address and specify the address, therefore allowing only you to monitor, but ICMP is deemed to be a fairly low risk protocol to leave open, and if the monitoring service has multiple/unknown sources, you don't have much choice here.
For the destination, you want to set whatever your external IP is. You could leave this as
Any (and you might have to if you don't have a static IP, but a dynamic/changing IP) but in general, a more specific rule is better. In my example, where there are multiple IPs, I ultimately only want one IP to respond to Ping requests, so I've specified that destination IP. During testing, I left this as
Any so I could ping all 4 addresses.
Once you're happy with the rule, click
Apply Changes and it will take effect.
To test it, you can ping from something like a cloud server, or you can download a Ping-type app. I used 'Ping' by Michael Frohlich. Remember to disable Wi-Fi if you're on the same network at the static IP (although I had to be on 4G to successfully ping–3G didn't work for me), enter your IP in the app, hit the play button and confirm that you get the green replies.
That's it! You can ping your IP from the internet. What next? You could set up an internet quality monitor or use your own cloud server to monitor it.