For mitigating ICMP vulnerability F5 suggesting to create upstream firewall to filter out ICMP type 13 and 14 requests from unknown or untrusted hosts. COuld you please help me to find how we will create this, is in F5 or outside
Creating an upstream firewall to filter out certain types of Internet Control Message Protocol (ICMP) requests would typically be done outside of F5. In most cases, this would be done on a separate firewall device or software that is positioned upstream of the F5 device in your network topology. 1. You have to create a new rule or policy. This rule should be designed to filter out ICMP type 13 (Timestamp Request) and type 14 (Timestamp Reply) requests. The specific steps to do this will depend on your firewall. 2. Apply this rule to all traffic coming from unknown or untrusted hosts.