[c-nsp] ICMP Filtering on firewall

varaillon j.varaillon at cosmoline.com
Tue Sep 11 06:21:26 EDT 2007

Previous message: [c-nsp] CPU anomoly on 3560G when adding a BGP peer
Next message: [c-nsp] ICMP Filtering on firewall
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

We are filtering and rate limiting icmp traffic on our border router to let
in&out:

Echo
Echo-reply
Unreachable
Time-exceeded

What about icmp to our firewall's interfaces?

Shouldn't I allow the firewall to respond to or send those icmp messages as
well?

What would be the best current practices regarding ICMP traffic ti
firewalls' interfaces?

Thank you!

Christophe

Previous message: [c-nsp] CPU anomoly on 3560G when adding a BGP peer
Next message: [c-nsp] ICMP Filtering on firewall
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the cisco-nsp mailing list