[c-nsp] ICMP Filtering on firewall

varaillon j.varaillon at cosmoline.com
Tue Sep 11 06:21:26 EDT 2007


Hi,

We are filtering and rate limiting icmp traffic on our border router to let
in&out:

Echo
Echo-reply
Unreachable
Time-exceeded

What about icmp to our firewall's interfaces?

Shouldn't I allow the firewall to respond to or send those icmp messages as
well?

What would be the best current practices regarding ICMP traffic ti
firewalls' interfaces?

Thank you!

Christophe



More information about the cisco-nsp mailing list