Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Creating upstrem firewall for mitigating vulnerability

Aswin_mk
Nimbostratus
Nimbostratus

Hello ,

 

For mitigating ICMP vulnerability F5 suggesting to create upstream firewall to filter out ICMP type 13 and 14 requests from unknown or untrusted hosts. COuld you please help me to find how we will create this, is in F5 or outside

 

 

1 REPLY 1

f51
Cirrostratus
Cirrostratus

Hello Aswin,

Creating an upstream firewall to filter out certain types of Internet Control Message Protocol (ICMP) requests would typically be done outside of F5. In most cases, this would be done on a separate firewall device or software that is positioned upstream of the F5 device in your network topology.
1. You have to create a new rule or policy. This rule should be designed to filter out ICMP type 13 (Timestamp Request) and type 14 (Timestamp Reply) requests. The specific steps to do this will depend on your firewall.
2. Apply this rule to all traffic coming from unknown or untrusted hosts.