Creating upstrem firewall for mitigating vulnerability

Question

Hello ,&nbsp;For mitigating ICMP vulnerability F5 suggesting to create upstream firewall to filter out ICMP type 13 and 14 requests from unknown or untrusted hosts. COuld you please help me to find how we will create this, is in F5 or outside&nbsp;&nbsp;

f51 · Answer

Hello Aswin,Creating an upstream firewall to filter out certain types of Internet Control Message Protocol (ICMP) requests would typically be done outside of F5. In most cases, this would be done on a separate firewall device or software that is positioned upstream of the F5 device in your network topology.1. You have to create a new rule or policy. This rule should be designed to filter out ICMP type 13 (Timestamp Request) and type 14 (Timestamp Reply) requests. The specific steps to do this will depend on your firewall.2. Apply this rule to all traffic coming from unknown or untrusted hosts.&nbsp;&nbsp;

Forum Discussion

Creating upstrem firewall for mitigating vulnerability

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

F5 BigIP APM VPN some LDAP field are base64 encoded

Two Arm Deployment mode using PBR

Questions about F5 BIG-IP Multi-Datacenter Configuration

Load balancing NTP Servers

APM URL Branching tolower

Related Content

Mitigating Log4j Vulnerability using F5 BIG-IP

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Mitigating OWASP Web Application Risk: Vulnerable and Outdated Components using F5 BIG-IP

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

Vulnerability Mitigation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS