How to block ICMP/Ping on WAN IP Address and Overlay IP Address.

Contents

Prerequisites

Use Case

Configurations

1. Configure a Zone with name “host”

2. Configure QOS-policies

3. Configure a Cos Rule

4. Add the zone- host as the destination zone

5. Add the application ICMP in the services list

6. In the Enforce action check the Deny option

Prerequisites

  1. The branch is provisioned using Config Template
    1. This document is not restricted to specific Versa certified software and hardware versions.

 

Use Case:

This article describes how to use a specific IP address from a pool while using DIA. Many network administrators feel that ICMP is a security risk and should therefore always be blocked at the firewall. By default, Versa allows ICMP requests on its WAN interface and Overlay IP Address.

 

  1. The public IP Address in the FlexVNF is 11.11.3.29/24, which is provided by the service provider.
  2. This document explains how to block ICMP requests from the public network and the Overlay IP Address.

 


Configurations.

 

  1. Configure a Zone with name “host”.

‘host’ is a predefined zone. This zone relates to all host-bound traffic.

A host-zone is a pre-defined domain. A zone can be associated with one or more interfaces, networks, routing instances, and organizations. For the host-zone, however, no interfaces, networks, routing instances, or organizations are required.





2.    Configure QOS-policies.



3/4.    Configure a QOS-Policy to deny ICMP to Destination: Host



5.    Include the Services: ICMP


6.    Action: Block
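
A way to check the result of steps 1 to 6 from an outside test host, added here as an example and not taken from Versa documentation: it classifies `ping -c 3` output so that a silent drop is not confused with replies or with a broken path. The sample outputs are constructed, the iputils output format is an assumption, and the same check applies to the Overlay IP Address.

```python
import re

# Constructed sample outputs in Linux iputils "ping -c 3" format (assumption).
# 11.11.3.29 is the WAN address from this article; 11.11.3.1 is a made-up hop.
BEFORE = """PING 11.11.3.29 (11.11.3.29) 56(84) bytes of data.
64 bytes from 11.11.3.29: icmp_seq=1 ttl=61 time=4.12 ms
64 bytes from 11.11.3.29: icmp_seq=2 ttl=61 time=3.98 ms
64 bytes from 11.11.3.29: icmp_seq=3 ttl=61 time=4.05 ms

--- 11.11.3.29 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
"""
AFTER = """PING 11.11.3.29 (11.11.3.29) 56(84) bytes of data.

--- 11.11.3.29 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2052ms
"""
PATH_DOWN = """PING 11.11.3.29 (11.11.3.29) 56(84) bytes of data.
From 11.11.3.1 icmp_seq=1 Destination Host Unreachable
From 11.11.3.1 icmp_seq=2 Destination Host Unreachable

--- 11.11.3.29 ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2035ms
"""

SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")
ICMP_ERROR = re.compile(r"^From \S+ .*(Unreachable|filtered|exceeded)", re.M | re.I)

def classify_ping(output: str) -> str:
    """Return 'answering', 'silent' or 'inconclusive' for one ping run."""
    m = SUMMARY.search(output)
    if not m or int(m.group(1)) == 0:
        return "inconclusive"      # no summary line, or nothing was sent
    if int(m.group(2)) > 0:
        return "answering"         # echo replies came back: ICMP is not blocked
    if ICMP_ERROR.search(output):
        return "inconclusive"      # another hop reported an error: path problem
    # No reply and no error is consistent with the deny rule. An offline host
    # looks the same, so confirm other traffic to the address still works.
    return "silent"

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("path down", PATH_DOWN)):
        print(f"{name}: {classify_ping(sample)}")
```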