ICMP Timestamp
Hi, we have a M570, latest update 12.8 (Build 657104). I have been asked to disable our external facing interfaces from giving a ICMP Timestamp response. I do see under the global settings the ICMP error handling. But other than "Time Exceeded" having time in the title I not sure which of this would be the one to disable to stop the timestamp response. I could disable all, but I rather not disable anything I don't have to. Thanks and have a great day.
0
Sign In to comment.
Answers
Looks to me that your only option is to disable all ICMP error handling if you really need to stop this reply
From the CLI Reference:
global-setting icmp-message (message)
Define the ICMP error message for the Firebox.
Use no global-setting icmp-message message to disable icmp-message function.
message is the ICMP message returned to the source. It must be one of these options:
allow-all — Allow all ICMP messages.
fragmentation-required — Allow ICMP Fragmentation Req messages.
host-unreachable — Allow ICMP Host Unreachable messages
network-unreachable — Allow ICMP Network Unreachable messages.
port-unreachable — Allow ICMP Port Unreachable messages.
protocol-unreachable — Allow IMCP Protocol Unreachable messages.
time-exceeded — Allow ICMP Time Exceeded messages.