Turn off ICMP to outside interface of 3020 Concentrator?

Our security geeks want to know if I can turn off ICMP to our outside interface. They don't want any outsiders to hit us with a ping sweep or ping attack.

BTW, I am an "infrastructure" geek ;-)

Thanks!

4 REPLIES

In order to protect the concentrator from DoS attacks, the concentrator should be deployed behind a firewall with NAT as well as an ACL permitting the required protocol and port, e.g. UDP 500.

The firewall should be capable of securing the concentrator from DoS attacks etc. It's probably too late to stop the attack once the attack hits the concentrator.

Hi Lewis,

Under Configuration > interfaces > public interface there is a filter assigned to this interface. You can configure this filter for your needs.

Under configuration -> policy management -> traffic management -> filters you can assign rules for your filter for the public interface. Here you can remove the ICMP rule from the current rules in the filter to disallow ICMP.

Hope that helps and brgds

Thomas.

Hi,

As IPSec does PMTUD for all the packets, it is important that ICMP "unreachable" (Type: 3) messages are able to reach the concentrator.

Would suggest allowing this as well as ICMP "time exceeded" message (Type: 11) rather than blocking full ICMP.

Regards,

Shijo George
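
The policy suggested in the reply above, as an added example that is not part of the original thread and not the concentrator's own filter engine: permit only ICMP types 3 and 11, drop everything else (including echo requests), and read the next-hop MTU that a type 3 code 4 message carries for PMTUD (RFC 1191). The function names, the checksum check and the sample messages are assumptions made for this sketch.

```python
import struct

# Policy from the reply: admit only "unreachable" (3) and "time exceeded" (11).
ALLOWED_TYPES = {3: "destination unreachable", 11: "time exceeded"}
FRAG_NEEDED = 4  # type 3 code 4: fragmentation needed and DF set (RFC 1191)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def filter_icmp(msg: bytes) -> dict:
    """Permit/drop decision for one raw ICMP message (IP header already stripped)."""
    if len(msg) < 8:
        return {"action": "drop", "reason": "truncated"}
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    # Choice made in this sketch: reject malformed messages before the type check.
    if icmp_checksum(msg) != 0:
        return {"action": "drop", "reason": "bad checksum"}
    if icmp_type not in ALLOWED_TYPES:
        return {"action": "drop", "reason": f"type {icmp_type} not permitted"}
    verdict = {"action": "permit", "reason": ALLOWED_TYPES[icmp_type]}
    if icmp_type == 3 and code == FRAG_NEEDED:
        # Low 16 bits of the second header word hold the next-hop MTU.
        verdict["next_hop_mtu"] = mtu
    return verdict


def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Construct a sample ICMP message with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]


# Constructed samples (not captured traffic); the payload stands in for the
# quoted IP header plus 8 bytes of the original datagram.
QUOTED = b"\x45" + b"\x00" * 27
ECHO_REQUEST = build(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")
FRAG_NEEDED_MSG = build(3, 4, struct.pack("!HH", 0, 1400), QUOTED)
TIME_EXCEEDED = build(11, 0, b"\x00" * 4, QUOTED)

if __name__ == "__main__":
    for name, m in [("echo", ECHO_REQUEST), ("frag needed", FRAG_NEEDED_MSG),
                    ("time exceeded", TIME_EXCEEDED)]:
        print(name, filter_icmp(m))
```
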

Thanks to for all the help!