ICMP Timestamp

Hi, we have a M570, latest update 12.8 (Build 657104). I have been asked to disable our external facing interfaces from giving a ICMP Timestamp response. I do see under the global settings the ICMP error handling. But other than "Time Exceeded" having time in the title I not sure which of this would be the one to disable to stop the timestamp response. I could disable all, but I rather not disable anything I don't have to. Thanks and have a great day.

Answers

  • Looks to me that your only option is to disable all ICMP error handling if you really need to stop this reply

    From the CLI Reference:

    global-setting icmp-message (message)

    Define the ICMP error message for the Firebox.
    Use no global-setting icmp-message message to disable icmp-message function.

    message is the ICMP message returned to the source. It must be one of these options:
    allow-all — Allow all ICMP messages.
    fragmentation-required — Allow ICMP Fragmentation Req messages.
    host-unreachable — Allow ICMP Host Unreachable messages
    network-unreachable — Allow ICMP Network Unreachable messages.
    port-unreachable — Allow ICMP Port Unreachable messages.
    protocol-unreachable — Allow IMCP Protocol Unreachable messages.
    time-exceeded — Allow ICMP Time Exceeded messages.

Sign In to comment.