17. Allowing ICMP in Security list within same subnet(Self ‐Rule) - SanjeevOCI/Ocidocs GitHub Wiki

17 – Enabling ICMP within Same Subnet using Self Rule (Security List)

Prerequisites:

  • Two compute instances in the same subnet
  • A Security List attached to that subnet
  • OCI console access to modify security lists

🧭 Scenario & Objective

You have two servers (Instance A and Instance B) in the same subnet, but they cannot ping each other. The default ingress rules in a Security List do not allow ICMP echo traffic from peers in the same subnet.
Goal: Add a self ICMP rule (source = the subnet's own CIDR) to the Security List so that any instance in that subnet can ping any other instance in the same subnet.


1. We have 2 instances in the same subnet

[Screenshots: Instance_2, Instance_1]

2. We are unable to ping a server within the same subnet. This is because the ingress rules for ICMP do not allow servers in the same subnet to ping each other. However, we are able to ping outside the network (for example, google.com) because the egress rule permits it.

[Screenshots: Networking_3, Networking_1, Networking_2, Networking_4, Networking_5, Networking_6]

3. We need to add an ingress rule to the Security List so that all servers in the subnet can reach one another. To do this, create the following ICMP rule in the Ingress Rules, using the subnet's own CIDR as the source.

[Screenshots: Networking_7, Networking_8, Networking_9, Networking_10, Networking_11, Networking_12, Networking_13]

Now we have successfully created an ingress rule that allows all servers within the subnet to reach one another.

4. Removing the ICMP self-rule from the Security List

[Screenshots: Networking_14, Networking_15, Networking_16]

Ping no longer works. The servers are again unable to reach one another within the subnet.

[Screenshot: Networking_17]
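Steps 3 and 4 above are done by hand in the console. The following is an added example, not part of this wiki page or of any OCI tooling: it builds the self ICMP ingress rule as an OCI-style rule dictionary and audits a Security List's ingress rules to report whether intra-subnet ping is blocked, allowed only from the subnet itself, or allowed from a wider range. The field names follow the JSON shape of an OCI ingress security rule (protocol, source, sourceType, isStateless, icmpOptions); the subnet CIDR and the sample rule set are constructed for the demonstration.

```python
"""Build and audit an OCI Security List 'self' ICMP ingress rule.

Added example, not the wiki's own code. Rule dictionaries follow the field
names of the OCI ingress security rule JSON shape; the CIDRs and the sample
rule list below are constructed for the demonstration.
"""
import ipaddress
import json

ICMP = "1"          # OCI protocol number for ICMPv4 ("all" means every protocol)
ECHO_REQUEST = 8    # ICMP type 8; a stateful rule lets the echo reply back


def self_icmp_ingress_rule(subnet_cidr, echo_only=False):
    """Return an ingress rule that allows ICMP only from the subnet's own CIDR."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)   # reject host bits set
    rule = {
        "protocol": ICMP,
        "source": str(net),
        "sourceType": "CIDR_BLOCK",
        "isStateless": False,
        "description": f"Self rule: ICMP from {net} for intra-subnet ping",
    }
    if echo_only:
        # Narrower variant: permit only echo requests rather than every ICMP type.
        rule["icmpOptions"] = {"type": ECHO_REQUEST}
    return rule


def _permits_ping_from(rule, net):
    """True if this single rule lets an echo request from every host in net through."""
    if rule.get("protocol") not in (ICMP, "all"):
        return False
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False
    try:
        src = ipaddress.ip_network(rule["source"], strict=False)
    except (KeyError, ValueError):
        return False
    if src.version != net.version or not net.subnet_of(src):
        return False
    opts = rule.get("icmpOptions")
    # No icmpOptions means all ICMP types; otherwise only type 8 carries pings.
    return opts is None or opts.get("type") == ECHO_REQUEST


def classify_icmp_ingress(ingress_rules, subnet_cidr):
    """Audit verdict for a subnet: 'blocked', 'self-only' or 'wider-than-subnet'."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    sources = [ipaddress.ip_network(r["source"], strict=False)
               for r in ingress_rules if _permits_ping_from(r, net)]
    if not sources:
        return "blocked"
    if any(src != net for src in sources):
        return "wider-than-subnet"      # e.g. 0.0.0.0/0 or the whole VCN CIDR
    return "self-only"


# Constructed sample resembling a default security list: SSH from anywhere and
# only ICMP type 3 (destination unreachable), so ping between peers fails.
DEFAULT_RULES = [
    {"protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "1", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "isStateless": False, "icmpOptions": {"type": 3, "code": 4}},
    {"protocol": "1", "source": "10.0.0.0/16", "sourceType": "CIDR_BLOCK",
     "isStateless": False, "icmpOptions": {"type": 3}},
]

if __name__ == "__main__":
    subnet = "10.0.1.0/24"                       # constructed subnet CIDR
    print("before:", classify_icmp_ingress(DEFAULT_RULES, subnet))   # blocked
    with_self = DEFAULT_RULES + [self_icmp_ingress_rule(subnet)]
    print("after: ", classify_icmp_ingress(with_self, subnet))       # self-only
    print(json.dumps(with_self, indent=2))       # full ingress list as JSON
```

The printed JSON list is the shape the OCI CLI accepts for `oci network security-list update --ingress-security-rules file://rules.json` (flag names quoted from memory; confirm with `oci network security-list update --help`). That update replaces the whole ingress rule list, so always pass the existing rules plus the new one, as the script does. The `wider-than-subnet` verdict is the check worth running after any change: a rule with source `0.0.0.0/0` also makes ping work, but it is not the self-rule this page describes.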

✅ Summary

  • By default, instances in the same subnet cannot ping each other without an ingress rule.
  • The self-rule with self as the source allows any instance in that subnet to reach any other instance via ICMP.
  • Use this rule carefully — only when inter-instance communication (ping/troubleshooting) is needed.