Security Basics mailing list archives
Re: PIX firewall and ICMP
From: Daniel Williams <dwilliams () cedardoc com>
Date: Mon, 22 Sep 2003 07:41:50 -0400
Cat,We use the PIX as well, but allow ICMP up to the inside interface on the PIX and drop all out bound and in bound ICMP packets on the outside interface. This allows techs to test connectivity to the firewall. Anyone with other connection issues beyond the PIX can call our PIX admin. They don't trouble-shooting "my" connection issues with the PIX to the world.
Cat Thrasher wrote:
Please advise your opinions on my problem. I had a permit statement on the PIX that would allow ICMP from any to any. Since being hit with Nachi, I turned it off. I am being asked my policy on when it will be turned back on. I have a rather large network and many "divisions" who work independently, yet access the internet thru "my" PIX. They like to use ping when trouble-shooting. Can I get an opinion on whether or not I should turn this back on...ThanksCat Thrasher Network Support Analyst County of Santa Cruz 831-454-5367 cat.thrasher () co santa-cruz ca us --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- PIX firewall and ICMP Cat Thrasher (Sep 24)
- Re: PIX firewall and ICMP Daniel Williams (Sep 24)
- Re: PIX firewall and ICMP gregh (Sep 26)
- Re: PIX firewall and ICMP rogue (Sep 29)
- Re: PIX firewall and ICMP John Hollyoak (Sep 29)
- <Possible follow-ups>
- RE: PIX firewall and ICMP Tenorio, Leandro (Sep 24)
- RE: PIX firewall and ICMP Charlie Winckless (Sep 24)
- Re: PIX firewall and ICMP Darrell Porter (Sep 25)
- RE: PIX firewall and ICMP Maher Odeh (Sep 25)
- RE: PIX firewall and ICMP Steve Marin (Sep 26)
- Re: PIX firewall and ICMP Brian Ford (Sep 26)
- RE: PIX firewall and ICMP dave hartnell (Sep 29)
(Thread continues...)