Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1626
Views
0
Helpful
1
Replies

Allow ICMP on external interface using a external list of IP Addresses

tim829
Beginner
Beginner

‎12-18-2019 06:41 AM - edited ‎02-21-2020 09:46 AM

I've been using UptimeRobot for years as a first level of notification that there might be an issue at the office. It's worked well for what it does and it's free. For security reasons I want to disable ICMP on our main outside interface. I know I can manually go in and add exceptions for specific IP addresses (I'm already doing this for 4.2.2.2 which is setup on a tracker for one of our routes), but how do I do it for a whole list without a lot of manual work? I'm sure this list gets updated too which creates another problem!

 

Here's the list: https://uptimerobot.com/inc/files/ips/IPv4.txt

 

Thanks

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎12-18-2019 06:58 AM

Hi,
Last time I checked, unfortunately you cannot use a group object with the "icmp permit/deny" command to filter traffic destined to the ASA, you have to define each IP address or network.

HTH
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents