Cisco Support Community
Community Member

Can the PIX Firewall send a reject packet with the proper ICMP unreachable type?

Hi

I need to know if the PIX Firewall can send a reject packet with the proper ICMP unreachable type (port unreachable), like the Checkpoint reject rule does.

1 REPLY
Silver

Re: Can the PIX Firewall send a reject packet with the proper ICMP un

I do not believe that it does. I have not come across any documentation that leads me to believe that it can, and Cisco's security best practices suggest that you turn the ICMP unreachables off on the IOS router code.

If you want the PIX to send reject frames, it can, but they will be TCP frames with the reset bit set, not ICMP unreachable frames.

The PIX service resetinbound (for 5.x and 6.x code) and service resetoutside (for 6.3 code) commands are used to accomplish that. They are off by default.

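The two reject styles discussed in this thread, a TCP segment with the reset bit set and an ICMP destination-unreachable message, can be told apart in a packet capture when checking what a firewall actually sends back. The following Python classifier is an added example, not part of the original posts; the function names, sample packets and addresses are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes relevant to firewall rejects.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 3: "port unreachable", 13: "administratively prohibited"}

def classify_reject(packet: bytes) -> str:
    """Name the kind of reject a raw IPv4 packet represents."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == 6:                          # TCP: flags byte is at offset 13
        if len(payload) < 14:
            return "truncated"
        return "tcp-reset" if payload[13] & 0x04 else "tcp-other"
    if proto == 1:                          # ICMP: type and code are the first two bytes
        if len(payload) < 2:
            return "truncated"
        icmp_type, code = payload[0], payload[1]
        if icmp_type == 3:
            return "icmp-unreachable: " + UNREACH_CODES.get(code, f"code {code}")
        return "icmp-other"
    return "other"

def _ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed header using documentation addresses; checksum left at 0
    # because the classifier does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.7")) + payload

def _tcp(flags: int) -> bytes:
    # Constructed 20-byte TCP header; only the flags byte matters here.
    return struct.pack("!HHIIBBHHH", 80, 40000, 0, 1, 0x50, flags, 0, 0, 0)

# Constructed sample packets (not captured from a real device).
SAMPLE_RST = _ipv4(6, _tcp(0x14))                           # RST+ACK
SAMPLE_SYNACK = _ipv4(6, _tcp(0x12))                        # SYN+ACK, not a reject
SAMPLE_PORT_UNREACH = _ipv4(1, struct.pack("!BBHI", 3, 3, 0, 0))
SAMPLE_ADMIN_PROHIB = _ipv4(1, struct.pack("!BBHI", 3, 13, 0, 0))

if __name__ == "__main__":
    for name in ("SAMPLE_RST", "SAMPLE_SYNACK", "SAMPLE_PORT_UNREACH", "SAMPLE_ADMIN_PROHIB"):
        print(name, "->", classify_reject(globals()[name]))
```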