Controller Based WLANs

What is the function of parameter Stateful ICMP Processing present on controller's firewall?
Q:

What is the function of parameter Stateful ICMP Processing present on controller's firewall?



A:

When this knob is enabled, controller's datapath will drop all Unsolicited ICMP responses if the controller has not seen the ICMP request & created a corresponding session for the same.

 

This knob was introduced from 6.4.2.1

 

Eg; In a CPSEC enabled environment, when a wired client present in different vlan than the AP tried to ping it,  ICMP request will not go through the controller.

 

However, ICMP response from the AP will be sent inside IPSEC tunnel created between AP & controller. As controller did not see the ICMP request from the wired client, so the ICMP response packet from the AP destined to 

 

the wired client will be dropped once it hits controller's datapath.

Version History
Revision #:
2 of 2
Last update:
‎11-25-2015 01:01 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.