Security Basics mailing list archives

Re: PIX firewall and ICMP


From: Daniel Williams <dwilliams () cedardoc com>
Date: Mon, 22 Sep 2003 07:41:50 -0400

Cat,
We use the PIX as well, but allow ICMP up to the inside interface on the PIX and drop all outbound and inbound ICMP packets on the outside interface. This allows techs to test connectivity to the firewall. Anyone with other connection issues beyond the PIX can call our PIX admin. They don't trouble-shoot "my" connection issues with the PIX to the world.

Cat Thrasher wrote:

Please advise your opinions on my problem. I had a permit statement on the PIX that would allow ICMP from any to any. Since being hit with Nachi, I turned it off. I am being asked my policy on when it will be turned back on. I have a rather large network and many "divisions" who work independently, yet access the internet thru "my" PIX. They like to use ping when trouble-shooting.
Can I get an opinion on whether or not I should turn this back on...
Thanks
Cat Thrasher
Network Support Analyst
County of Santa Cruz
831-454-5367
cat.thrasher () co santa-cruz ca us

