How to Block ICMP (Ping Request) to Internal Servers


The office installed some LAN servers for internal access. And want to block outside access to the servers.



1. a UTT Business Router (hereinafter shorted as “the Router"), such as UTT router N518W, AC750W, AC750GW, AC1220GW, ER518, ER840G, ER528GP, ER2620G and ER4240G. Firmware Version: 3.0.0 or above

2. a PC/laptop connected to the Router, either through its LAN port or wireless network



1. Launch an Internet browser from the PC/laptop and enter in the address bar. Enter the Router username and password when prompted (default username: admin, default password: admin).


2. Go to Firewall > Access Control, enable Access Control switch, make it in blue(working status)


3. Click Add button add a new ACL rule, this rule is to only allow internal LAN users (192.168.1.x) to ping the server.

Applicable users should be set to IP address and started from to


The destination address should be set to IP address, and start from to servers addresses)



4. Then click Add button to add another ACL rule. choose protocol as ICMP, action should be set to deny, destination as to as the 1st ACL rule)

Click save to finish the ACL settings.


The router will automatically abandon the ICMP packets whose destination is to

You can try to ping the address to confirm if the ACL is working or not.


Shown as below, when this deny ACL is enabled, it will block the outside ping request to