When creating an application ID for ICMP, can you specify the codes? Right now it just seems to cover only the types.
The reason is that, due to security restrictions, only certain types of ICMP traffic are allowed to cross. One type of ICMP that needs to be allowed is type 3 code 4, which is for packet fragmentation.
Thanks for the response, but I guess I did not make myself clear enough about what I am trying to accomplish.
With our current firewall we have rules to allow only certain types of ICMP traffic, while the rest will get denied.
internal network --> outside ***allow the following ICMP types
icmp destination unreachable/fragmentation required, DF flag set (type 3 code 4)
I know I can create an application ID for the different ICMP types, but when you are creating an application of type ICMP it only allows you to specify the type, not the code. If I create an application ID for ICMP type 3, it would allow all type 3 traffic, but what I want is to allow only type 3 code 4 ICMP packets. All the other ICMP type 3 packets are to be dropped.
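An added illustration, not part of the original posts and not PAN-OS configuration: the ICMP header carries the type in byte 0 and the code in byte 1, so a match on type alone admits every destination-unreachable code. The function names and sample packets below are constructed for this example.

```python
import struct

# Policy taken from the post: allow only destination unreachable /
# fragmentation required (type 3 code 4); drop everything else.
ALLOWED = {(3, 4)}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Constructed sample message: 8-byte ICMP header with a valid checksum."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def type_only_match(icmp: bytes, icmp_type: int = 3) -> bool:
    """What a type-only rule sees: byte 0, with the code ignored."""
    return len(icmp) >= 8 and icmp[0] == icmp_type

def classify(icmp: bytes) -> dict:
    """Type-and-code decision; malformed messages are dropped."""
    if len(icmp) < 8:
        return {"verdict": "drop", "reason": "truncated header"}
    if inet_checksum(icmp) != 0:
        return {"verdict": "drop", "reason": "bad checksum"}
    key = (icmp[0], icmp[1])
    result = {"type": key[0], "code": key[1],
              "verdict": "allow" if key in ALLOWED else "drop"}
    if key == (3, 4):
        # RFC 1191: next-hop MTU sits in the low 16 bits of header word 2.
        result["next_hop_mtu"] = struct.unpack("!H", icmp[6:8])[0]
    return result

if __name__ == "__main__":
    samples = [
        build_icmp(3, 4, struct.pack("!HH", 0, 1400)),  # fragmentation required
        build_icmp(3, 1),                               # host unreachable
        build_icmp(3, 13),                              # administratively prohibited
        build_icmp(8, 0),                               # echo request
    ]
    for pkt in samples:
        print(classify(pkt), "| type-only rule allows:", type_only_match(pkt))
```

The first three samples all pass the type-only match, while only the type 3 code 4 message passes the type-and-code check.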