09-16-2020 02:59 PM
Hello everyone,
I have a small Firepower 1010 appliance without FMC. One requirement here is to block pings to the IPs of the device / its interfaces.
My research revealed that this setting can be set in the FMC via the platform settings using ICMP rules.
But since I only manage the appliance via the FDM, how can I block incoming pings directed to the firewall itself? Within the WebUI I did not find a corresponding setting, the same applies to the CLI.
Cheers and thanks!
09-16-2020 07:58 PM
Hi
At the bottom of the main dashboard on FDM, go to Advanced Configuration.
Create a FlexConfig object like:
icmp deny any inside
and the following command in the negate field:
no icmp deny any inside
It could also be:
icmp permit x.x.x.x 255.255.255.0 inside
and the following in the negate field:
no icmp permit x.x.x.x 255.255.255.0 inside
Then attach this object to the FlexConfig policy and deploy the config.
The platform setting ICMP configuration on FMC pushes this configuration directly to lina and lets you avoid creating a manual FlexConfig.
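Added example (not part of the original posts and not Cisco code): a small Python model of how the icmp rule list from the answer above is evaluated, assuming the ASA behaviour of first match wins with an implicit deny once any icmp rule exists on an interface. The 192.0.2.0/24 subnet is a constructed stand-in for x.x.x.x, and support for the optional ICMP type keyword goes beyond the commands shown in the thread.

```python
import ipaddress

# ICMP type keywords mapped to type numbers (subset, enough for this demo).
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

def parse_rule(line):
    """Parse 'icmp {permit|deny} {any | host IP | IP MASK} [icmp_type] IFACE'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
        raise ValueError(f"not an icmp rule: {line!r}")
    action, rest = tok[1], tok[2:]
    if rest[0] == "any":
        net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    else:
        net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False), rest[2:]
    icmp_type = ICMP_TYPES[rest[0]] if len(rest) == 2 else None  # None = all types
    return action, net, icmp_type, rest[-1]

def evaluate(rules, src, icmp_type, iface):
    """First matching rule wins; an interface with any rule gets an implicit deny."""
    mine = [r for r in map(parse_rule, rules) if r[3] == iface]
    if not mine:
        return "permit"  # no icmp rules on this interface: default behaviour
    for action, net, rtype, _ in mine:
        if ipaddress.ip_address(src) in net and rtype in (None, icmp_type):
            return action
    return "deny"  # implicit deny at the end of the list

# Constructed samples mirroring the two FlexConfig variants in the answer.
DENY_ALL = ["icmp deny any inside"]
PERMIT_MGMT = ["icmp permit 192.0.2.0 255.255.255.0 inside"]

if __name__ == "__main__":
    for name, rules in (("deny-all", DENY_ALL), ("permit-mgmt", PERMIT_MGMT)):
        for src in ("192.0.2.10", "198.51.100.7"):
            print(name, src, "echo ->", evaluate(rules, src, 8, "inside"))
```

The permit-only variant blocks every source outside the listed subnet because of the implicit deny, and either variant affects only the interface named in the rule.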