Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
1
Replies

Does PIX Firewall can send reject packet with proper icmp unreachable type?

asamra
Level 1
Level 1

‎04-20-2004 01:17 AM - edited ‎02-20-2020 11:21 PM

Hi

I need to know if the PIX Firewall can send reject packet with proper icmp unreachable type (port unreachable)

Like the Checkpoint reject role does.

0 Helpful
1 Reply 1

ehirsel
Level 6
Level 6

‎04-20-2004 04:50 AM

I do not believe that it does. I have not come across any documentation that leads to believe that it can, and cisco's security best practices suggest that you turn the icmp unreachables off on the ios router code.

If you want the pix to send reject frames, it can but they will be tcp frames with the reset bit set, not icmp unreachable frames.

The pix service resetinbound (for 5.x and 6.x. code) and service resetoutside (for 6.3 code) commands are used to accomplish that. They are off by default.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card