HI, I am unable to ping any ip from mikrotik. Mac ping is working but unable to icmp anything.? Anyway to troubleshoot icmp service apart from rebooting the device?
Note: there are no firewall rules blocking icmp. It stopped working automatically.
There are no firewall rules at all.Try running /tool torch interface-name ip-protocol=icmp src-address=0.0.0.0/0 dst-address=0.0.0.0/0 and ping something which is accessible via that interface. If you can see only TX-PACKETS to count and RX-PACKETS stays at 0, the machine is pinging but the responses don't come (so a firewall on remote side may be the culprit); if you can see both directions to count, the responses are coming and either your firewall settings got corrupt or the software module in RouterOS responsible for pinging has a problem.
Do you have an action=accept connection-state=established,related rule as the first non-dynamic one in chain=input of /ip firewall filter?
Will restart the router for now. Can this be due to 100's of static route with check-gateway=ping enabled? Should i avoid using ping to check gateways?Assuming you did run the torch in one window and ping from another one, watching the torch, then yes, this looks like the pinging module dead. And no, there is no way to restart a software module individually from RouterOS CLI or GUI, a complete reboot is the only way.
Did as you said. Thanks for your time.I'm not a Mikrotik SW developer, but "hundreds" (i.e. less than 2000) static routes each checking its gateway using pings mean just "tens" (i.e. less than 200) of ping request/response pairs per second, and the machine should hardly notice such load. If you don't have a sound reason for staying at 6.39.2, maybe you could use the occasion to upgrade to at least 6.40.9 (bugfix) which still uses the same L2 concept like 6.39.2. As you don't have any firewall rules, I suppose the device is deep in a private network, so security patches may seem less important, but the newer version may also fix the issue you've noticed. I'd strongly recommend to generate and download a supout.rif before reboot and send it to email@example.com with issue description or a link to this topic.