Cisco Support Community

suspect network under attack by icmp


I now suspect that the PIX is under a high volume of ping, because if I disable ping from the outside world on the WAN router, the performance of the network improves.

Can the PIX apply some control so that, if it is under ICMP attack, it can temporarily limit or drop the packets from the inside and the outside world?

That way the affected inside client and the attack from the outside world can be prevented.

Thanks, all.


Re: suspect network under attack by icmp

Hi, you could try enabling the built-in IPS signatures supported by the PIX. These are used to protect against common attacks.

"Cisco PIX Firewall includes an IP-only intrusion detection feature. It provides visibility at network perimeters or for locations where additional security between network segments is

The PIX IDS identifies more than 53 common attacks using signatures to detect patterns of misuse in network traffic. Traffic passing through the PIX Firewall can be identified to be audited, logged, and/or dropped.

After it is configured, the IDS feature watches packets and sessions as they flow through the firewall, scanning each for a match with any of the IDS signatures. When suspicious activity is detected, the PIX Firewall responds immediately and can be configured to do the following:

1. Send an alarm to a syslog server.

2. Drop the packet.

3. Reset the TCP connection."

I suggest you check the command reference for the use of the ip audit command!

I hope it helps. Please rate it if it does!
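Once the IDS feature described in the reply above is sending alarms to a syslog server, the suspicion in the question can be checked from those alarms. The following is an added example, not part of the original thread or of Cisco's documentation: it counts ICMP alarms per interface and source. The syslog line layout, the treatment of signature IDs 2000-2999 as the ICMP series, the threshold, and all sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed layout of a PIX IDS alarm as it arrives at the syslog server:
#   %PIX-4-4000nn: IDS:<sig> <text> from <src> to <dst> on interface <name>
IDS_RE = re.compile(
    r"%PIX-\d-4000\d\d: IDS:(?P<sig>\d+) (?P<name>.+?) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) to (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"on interface (?P<ifc>\S+)"
)

def parse_ids_alarm(line):
    """Return a dict for an IDS alarm line, or None for any other syslog line."""
    m = IDS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sig"] = int(rec["sig"])
    return rec

def icmp_talkers(lines, threshold=3):
    """Count ICMP-series alarms (signature IDs 2000-2999, an assumption) per
    (interface, source); return those at or above threshold, busiest first."""
    counts = Counter()
    for line in lines:
        rec = parse_ids_alarm(line)
        if rec and 2000 <= rec["sig"] <= 2999:
            counts[(rec["ifc"], rec["src"])] += 1
    return [(key, n) for key, n in counts.most_common() if n >= threshold]

# Constructed sample lines using documentation address ranges, not real captures.
ECHO_REQ = ("Mar 01 10:00:01 fw %PIX-4-400014: IDS:2004 ICMP echo request "
            "from 203.0.113.7 to 198.51.100.2 on interface outside")
ECHO_REP = ("Mar 01 10:00:02 fw %PIX-4-400010: IDS:2000 ICMP echo reply "
            "from 192.168.1.50 to 203.0.113.7 on interface inside")
ONE_PING = ("Mar 01 10:00:03 fw %PIX-4-400014: IDS:2004 ICMP echo request "
            "from 203.0.113.9 to 198.51.100.2 on interface outside")
FRAGMENT = ("Mar 01 10:00:04 fw %PIX-4-400007: IDS:1100 IP Fragment Attack "
            "from 203.0.113.7 to 198.51.100.2 on interface outside")
NOT_IDS = "Mar 01 10:00:05 fw %PIX-6-302013: Built outbound TCP connection 42"
SAMPLE = [ECHO_REQ] * 4 + [ECHO_REP] * 3 + [ONE_PING, FRAGMENT, NOT_IDS]

if __name__ == "__main__":
    for (ifc, src), n in icmp_talkers(SAMPLE):
        print(f"{ifc:8} {src:15} {n} ICMP alarms")
```

A source that shows up on the inside interface points at an affected internal client, while one on the outside interface points at external traffic, which are the two cases the question asks about.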
