Cisco Cisco ASR 5000
Firewall-and-NAT Policy Configuration Mode Commands
▀ firewall icmp-fsm
▄ Command Line Interface Reference, StarOS Release 18
5116
firewall icmp-fsm
This command enables/disables Stateful Firewall’s ICMP/ICMPv6 Finite State Machine (FSM).
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
[ default | no ] firewall icmp-fsm
default
Configures the default setting.
Default: Enabled. Same as
Default: Enabled. Same as
firewall icmp-fsm
.
no
Disables Stateful Firewall ICMP/ICMPv6 FSM checks.
Usage
Use this command to enable/disable Stateful Firewall ICMP/ICMPv6 FSM checks. When Stateful Firewall
and ICMP/ICMPv6 FSM are enabled, ICMP/ICMPv6 reply messages for which there is no saved
ICMP/ICMPv6 request message are discarded. ICMP/ICMPv6 error messages (i.e., messages containing an
embedded message) for which there is no saved flow for the embedded message are discarded.
and ICMP/ICMPv6 FSM are enabled, ICMP/ICMPv6 reply messages for which there is no saved
ICMP/ICMPv6 request message are discarded. ICMP/ICMPv6 error messages (i.e., messages containing an
embedded message) for which there is no saved flow for the embedded message are discarded.
Example
The following command disables Stateful Firewall’s ICMP/ICMPv6 FSM checks:
no firewall icmp-fsm