I would like to block non-stateful unsolicited echo-replies from entering inbound to my Cisco 5550 firewall. I received the following advice to configure:
policy-map global_policy
class inspection_default
inspect icmp
inspect icmp error
My follow on question is, if I add the "inspect icmp", does this still permit stateful icmp echo request/echo replies while blocking non-stateful echo-replies from the outside?
Also, what does configuring "inspect icmp error" do?
Thanks in advance