Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
maxtaan
Contributor
Jump to solution

Want to block ICMP request for externel IP's.

We are observing PING is reachable to all external IPs that is being destination NATed even though ping is not allowed in their respective policy.The IP's which we add in ARP from webui. Externel user able to ping those IP's. We want to block the icmp request for specifcally those IP's. 

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

View solution in original post

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee

How are the corresponding ICMP options in Global properties currently configured?

CCSM R77/R80/ELITE
0 Kudos
maxtaan
Contributor

Currently, it's unchecked for another reason. Is it connected to this issue?

0 Kudos
the_rock
Legend
Legend

I was thinking a rule along the lines something like below:

src -> internal networks (NEGATE), so its everything EXCEPT internal nets

dst -> firewall(s)

service -> whatever needed

action -> block

Andy

0 Kudos
maxtaan
Contributor

Thanks for your response, sir. We have already done it to ignore the problem.

the_rock
Legend
Legend

Good job!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

 
Upcoming Maestro Events