Security

Reply
MVP
Posts: 561
Registered: ‎11-28-2011

ICMP control

Good day all!

 

Just had a really interesting request from a customer, who's pretty security focused (good thing too).

 

In summary, from users on a service, assume we want to allow ICMP, but only certain types. In this case, path mtu, source quench and ping. Everything else should be denied (in terms of ICMP that is).

 

I found this post from a while back.

 

http://community.arubanetworks.com/t5/Community-Knowledge-Base/ICMP-Type-and-Code-Filtering/ta-p/16211

 

This is interesting, but I'm pretty sure (just tried it), that I can only apply session ACLs into roles (not extended ones). As a result, it's not so useful in this case.

 

Anyone know of a way of getting this granular with it?

 

For the meantime, I'll throttle the guests. In bandwidth terms, not literally of course!

 

Thanks for reading!

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
Showing results for 
Search instead for 
Did you mean: