11-14-2012 02:22 AM
Good day all!
Just had a really interesting request from a customer, who's pretty security-focused (good thing too).
In summary, from users on a service, assume we want to allow ICMP, but only certain types. In this case, path MTU, source quench and ping. Everything else should be denied (in terms of ICMP, that is).
I found this post from a while back.
This is interesting, but I'm pretty sure (just tried it) that I can only apply session ACLs to roles (not extended ones). As a result, it's not so useful in this case.
Anyone know of a way of getting this granular with it?
In the meantime, I'll throttle the guests. In bandwidth terms, not literally of course!
Thanks for reading!