Solved: Want to block ICMP request for externel IP's.

maxtaan · ‎2023-09-16

We are observing PING is reachable to all external IPs that is being destination NATed even though ping is not allowed in their respective policy.The IP's which we add in ARP from webui. Externel user able to ping those IP's. We want to block the icmp request for specifcally those IP's.

the_rock · ‎2023-09-17

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

Best,
Andy

View solution in original post

Chris_Atkinson · ‎2023-09-17

How are the corresponding ICMP options in Global properties currently configured?

CCSM R77/R80/ELITE

maxtaan · ‎2023-09-18

Currently, it's unchecked for another reason. Is it connected to this issue?

the_rock · ‎2023-09-17

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

Best,
Andy

maxtaan · ‎2023-09-18

Thanks for your response, sir. We have already done it to ignore the problem.

the_rock · ‎2023-09-18

Good job!

Best,
Andy