48-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 48 Configuring Device Access Settings on Firewall Devices
Configuring ICMP
Field Reference
Add and Edit ICMP Dialog Boxes
Use the Add ICMP dialog box to add an ICMP rule, which specifies a host/network that is allowed or
denied the specified ICMP access on the specified device interface.
Note The Edit ICMP dialog box is virtually identical to the Add ICMP dialog box, and is used to modify
existing ICMP rules. The following descriptions apply to both dialog boxes.
Navigation Path
You can access the Add or Edit ICMP dialog boxes from the Configuring ICMP, page 48-3.
Field Reference
Tab le 48 -3 IC MP Pa ge
Element Description
ICMP Rules Table Use the Add Row, Edit Row, and Delete Row buttons below this table
to manage ICMP rules. Add Row opens the Add ICMP dialog box,
while Edit Row opens the Edit ICMP dialog box. See Add and Edit
ICMP Dialog Boxes, page 48-4 for information about these dialog
boxes.
ICMP Unreachable Parameters
Rate Limit For ICMP traffic that terminates at an interface on this device, the
maximum number of ICMP Unreachable messages the device can
transmit per second. This value can be between 1 and 100 messages per
second; the default is 1 message per second.
Burst Size The burst size for ICMP Unreachable messages; this can be a value
between 1 and 10.
Note This parameter is not currently used by the system, so you can
choose any value.
Table48-4 Add and ICMP Dialog Boxes
Element Description
Action Whether this rule permits or denies the selected ICMP Service message
from the specified Network on the specified Interface. Choose:
Permit – ICMP messages from the specified networks/hosts are
allowed to the specified interface.
Deny – ICMP messages from the specified networks/hosts to the
specified interface are dropped.
ICMP Service Enter or Select the specific ICMP service message to which the rule
applies.
Interface Enter or Select the device interface to which these ICMP messages are
directed.