Control Specific ICMP or ICMPv6 Types and Codes

Use this task to create a custom ICMP or ICMPv6 application and then create a security policy rule to allow or deny that application.
  1. Create a custom application for ICMP or ICMPv6 message types and codes.
    1. Select
      Object
      Applications
      and
      Add
      a custom application.
    2. On the
      Configuration
      tab, enter a
      Name
      for the custom application and a
      Description
      . For example, enter the name ping6.
    3. For
      Category
      , select
      networking
      .
    4. For
      Subcategory
      , select
      ip-protocol
      .
    5. For
      Technology
      , select
      network-protocol
      .
    6. Click
      OK
      .
    7. On the
      Advanced
      tab, select
      ICMP Type
      or
      ICMPv6 Type
      .
    8. For
      Type
      , enter the number (range is 0-255) that designates the ICMP or ICMPv6 message type you want to allow or deny. For example, Echo Request message (ping) is 128.
    9. If the Type includes codes, enter the
      Code
      number (range is 0-255) that applies to the
      Type
      value you want to allow or deny. Some
      Type
      values have Code 0 only.
    10. Click
      OK
      .
  2. Create a Security policy rule that allows or denies the custom application you created.
    Create a Security Policy Rule. On the
    Application
    tab, specify the name of the custom application you just created.
  3. Commit your changes.
    Click
    Commit
    .

Related Documentation