ICMP Service
The Security Officer would like to block the use of the traceroute utility through the network. The IT manager insists that ping and other ICMP utility must be allows for the task of diagnosing connectivity, so it is agreed that only traceroute functionality will be blocked.
The ICMP type for traceroute is 30. There is no codes with the type.
Web-based Manager Instructions
Go to Firewall Objects > Service > Services and select Create New > Custom Service.
Fill out the fields with the following information
Field Name | Field Value |
Name | traceroute |
Comments | <Input into this field is optional> |
Service Type | Firewall |
Color | <Changing this value is optional> |
Show in Service List | Check in check box |
Category | Uncategorized |
Protocol Type | ICMP |
Type | 30 |
Code | <Leave blank> |
Select OK.
Enter the following CLI command:
config firewall service custom
edit traceroute
set protocol ICMP
set icmptype 30
set visibility enable
end
To verify that the category was added correctly:
Go to Firewall Objects > Service > Services. Check that the services have been added to the services list and that they are correct.
Enter the following CLI command:
config firewall service custom
edit <the name of the service that you wish to verify>
show full-configuration