Hello, not a major issue but one that is bugging me. I have an 8 IP address block with Zen and have always wondered what ICMP traffic should be allowed in and out, using a Cisco 877 router and a Multi-Nat config. So far, searching around the posts, I've found this post by FordPrefect:
I am guessing that you are using NAT on the firewall?
In that case allow all ICMP except echo (but allow echo-reply), timestamp and redirect (unlikely in your case that you would use them) to your firewall.
Outgoing from your network then allow ICMP out for everything redirect and time exceeded. Timestamps should be allowed when sourced from your network but anything requested outside should be blocked.
I'm only allowing ICMP on the router address at the moment; should it be allowed on the full 8 IP range (maybe not the broadcast address)?