Control Specific ICMP or ICMPv6 Types and Codes

Use this task to create a custom ICMP or ICMPv6 application and then create a security policy rule to allow or deny that application.
  1. Create a custom application for ICMP or ICMPv6 message types and codes.
    1. Select ObjectApplications and Add a custom application.
    2. On the Configuration tab, enter a Name for the custom application and a Description. For example, enter the name ping6.
    3. For Category, select networking.
    4. For Subcategory, select ip-protocol.
    5. For Technology, select network-protocol.
    6. Click OK.
    7. On the Advanced tab, select ICMP Type or ICMPv6 Type.
    8. For Type, enter the number (range is 0-255) that designates the ICMP or ICMPv6 message type you want to allow or deny. For example, Echo Request message (ping) is 128.
    9. If the Type includes codes, enter the Code number (range is 0-255) that applies to the Type value you want to allow or deny. Some Type values have Code 0 only.
    10. Click OK.
  2. Create a Security policy rule that allows or denies the custom application you created.
    Create a Security Policy Rule. On the Application tab, specify the name of the custom application you just created.
  3. Commit your changes.
    Click Commit.

Related Documentation