topic Re: ICMP in General Topics

ICMP

snormoyle — Mon, 09 Jan 2012 11:17:27 GMT

When creating an application ID for the ICMP can you specifiy the codes, right now it just seems to cover only the types.

Reason being is that due to security restrictions only certain types of ICMP traffic is allowed to cross one type of ICMP that needs to be allowed it type 3 code 4 which is for the packet fragmentation.

Re: ICMP

rmonvon — Mon, 09 Jan 2012 17:54:48 GMT

May I suggest you take a look at the Zone Protection feature. The feature can be enable to detect & block ICMP fragmentation.

Thanks.

Re: ICMP

snormoyle — Tue, 10 Jan 2012 12:11:17 GMT

Thanks for the response, but I guess did not make myself clear enough on what I am trying to accomplish.

With our current firewall we have rules to allow only certain type of ICMP traffic, while the rest will get denied.

internal network --> outside ***allow the following ICMP types

icmp echo

icmp echo-reply

icmp time-exceeded

icmp source-quench

icmp destination unreachable/fragmentation required, DF flag set (type 3 code 4)

I know I can create an application ID for the different ICMP types, but when you are creating an application type of ICMP it only allows you specify the type, but not the code. If I am creating an application ID for ICMP for type 3 it would allow all type 3 traffic, but what I want is to only allow type 3 code 4 ICMP packets. All the other ICMP type 3 packets are to be dropped.

Re: ICMP

skrall — Tue, 17 Jan 2012 19:33:33 GMT

The answer is no. Currently we have an application called PING and an application called ICMP. This is the only granularity at this time. You may be able to create a Custom App that uses the type field to get more specific.

Steve Krall