Forum Discussion

Aswin_mk's avatar
Aswin_mk
Icon for Cumulonimbus rankCumulonimbus
Sep 29, 2023

Creating upstrem firewall for mitigating vulnerability

Hello ,

 

For mitigating ICMP vulnerability F5 suggesting to create upstream firewall to filter out ICMP type 13 and 14 requests from unknown or untrusted hosts. COuld you please help me to find how we will create this, is in F5 or outside

 

 

  • f51's avatar
    f51
    Icon for Cirrostratus rankCirrostratus

    Hello Aswin,

    Creating an upstream firewall to filter out certain types of Internet Control Message Protocol (ICMP) requests would typically be done outside of F5. In most cases, this would be done on a separate firewall device or software that is positioned upstream of the F5 device in your network topology.
    1. You have to create a new rule or policy. This rule should be designed to filter out ICMP type 13 (Timestamp Request) and type 14 (Timestamp Reply) requests. The specific steps to do this will depend on your firewall.
    2. Apply this rule to all traffic coming from unknown or untrusted hosts.