Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
9899
Views
5
Helpful
1
Replies

Block ICMP to FTD Device Interface IP in FDM

Go to solution
MxShay
Level 1
Level 1

‎09-16-2020 02:59 PM

Hello everyone,

I have a small Firepower 1010 appliance without FMC. One requirement here is to block pings to the IPs of the device / its interfaces.
My research revealed that this setting can be set in the FMC via the platform settings using ICMP rules.
But since I only manage the appliance via the FDM, how can I block incoming pings directed to the firewall itself? Within the WebUI I did not find a corresponding setting, the same applies to the CLI.

Cheers and thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎09-16-2020 07:58 PM

Hi

 

At the bottom of the main dashboard on FDM, go to Advanced Configuration.

Create a Flexconfig Object like:

icmp deny any inside

and the following command on negate field:

no icmp deny any inside

 

It could also be:

icmp permit x.x.x.x 255.255.255.0 inside

and the following on negate field:

no icmp permit x.x.x.x 255.255.255.0 inside

 

Then attach this object on Flexconfig policy and deploy the config.

 

The platform setting ICMP configuration on FMC pushes this configuration directly to lina and let you avoid creating a manual flexconfig.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

1 Reply 1

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎09-16-2020 07:58 PM

Hi

 

At the bottom of the main dashboard on FDM, go to Advanced Configuration.

Create a Flexconfig Object like:

icmp deny any inside

and the following command on negate field:

no icmp deny any inside

 

It could also be:

icmp permit x.x.x.x 255.255.255.0 inside

and the following on negate field:

no icmp permit x.x.x.x 255.255.255.0 inside

 

Then attach this object on Flexconfig policy and deploy the config.

 

The platform setting ICMP configuration on FMC pushes this configuration directly to lina and let you avoid creating a manual flexconfig.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Review Cisco Networking for a $25 gift card
Top