Example: ICMP service
The Security Officer would like to block the use of the traceroute utility through the network. The IT manager insists that ping and other ICMP utilities must be allowed for diagnosing connectivity, so it is agreed that only traceroute functionality will be blocked.
The ICMP type for traceroute is 30. There are no codes associated with this type.
Web-based Manager Instructions
- Go to Policy & Objects > Objects > Services and select Create New > Service.
- Fill out the fields with the following information:
Name | traceroute |
Comments | <Input into this field is optional> |
Service Type | Firewall |
Show in Service List | Check in check box |
Category | Uncategorized |
Protocol Type | ICMP |
Type | 30 |
Code | <Leave blank> |
- Select OK.
- Enter the following CLI command:
    config firewall service custom
        edit traceroute
            set protocol ICMP
            set icmptype 30
            set visibility enable
    end
To verify that the service was added correctly:
- Go to Policy & Objects > Objects > Services. Check that the services have been added to the services list and that they are correct.
- Enter the following CLI command:
    config firewall service custom
        edit <the name of the service that you wish to verify>
            show full-configuration
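
The following Python example is added here and is not part of the original instructions or of FortiOS. It models the match criteria of the `traceroute` service created above (IP protocol 1, ICMP type 30, any code) and runs them over constructed packets, so you can see which traffic a policy using this service would select. The packet builders, addresses and sample names are assumptions made for illustration.

```python
import struct

SERVICE = {"protocol": 1, "icmptype": 30, "icmpcode": None}  # assumed model; None = any code

def ipv4(proto, payload, ttl=64, options=b"", frag_offset=0):
    """Build a constructed IPv4 packet (checksum left at 0; not needed for matching)."""
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), 0, frag_offset, ttl, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload

def icmp(icmp_type, code=0):
    """Constructed 8-byte ICMP header (checksum and rest-of-header zeroed)."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)

def udp(dport):
    return struct.pack("!HHHH", 40000, dport, 8, 0)  # constructed UDP header, no data

def matches_service(packet, service=SERVICE):
    """Return True if the packet matches the service's protocol, type and code."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or len(packet) < ihl + 2:
        return False                      # truncated: no ICMP type/code to read
    if packet[9] != service["protocol"]:
        return False
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                      # non-first fragment has no ICMP header (modelled as no match)
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type != service["icmptype"]:
        return False
    return service["icmpcode"] is None or icmp_code == service["icmpcode"]

SAMPLES = {  # constructed sample traffic
    "icmp type 30 (RFC 1393 Traceroute)": ipv4(1, icmp(30)),
    "icmp type 30 behind IP options": ipv4(1, icmp(30), options=b"\x01\x01\x01\x00"),
    "icmp echo request, TTL 1": ipv4(1, icmp(8), ttl=1),
    "udp to port 33434, TTL 1": ipv4(17, udp(33434), ttl=1),
    "icmp time exceeded reply": ipv4(1, icmp(11)),
}

def evaluate():
    return {name: matches_service(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(evaluate())
```

In this model only the ICMP type 30 packets match. The TTL-limited UDP and echo request probes that common traceroute tools send, and the Time Exceeded replies they depend on, do not, so confirm with a live trace that a policy built on this service has the intended effect.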