Allow ICMP on external interface using a external list of IP Addresses
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2019 06:41 AM - edited 02-21-2020 09:46 AM
I've been using UptimeRobot for years as a first level of notification that there might be an issue at the office. It's worked well for what it does and it's free. For security reasons I want to disable ICMP on our main outside interface. I know I can manually go in and add exceptions for specific IP addresses (I'm already doing this for 4.2.2.2 which is setup on a tracker for one of our routes), but how do I do it for a whole list without a lot of manual work? I'm sure this list gets updated too which creates another problem!
Here's the list: https://uptimerobot.com/inc/files/ips/IPv4.txt
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2019 06:58 AM
Last time I checked, unfortunately you cannot use a group object with the "icmp permit/deny" command to filter traffic destined to the ASA, you have to define each IP address or network.
HTH
