Cisco Cisco Packet Data Gateway (PDG)
firewall icmp-fsm
This command enables/disables Stateful Firewall's ICMP/ICMPv6 Finite State Machine (FSM).
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
[ default | no ] firewall icmp-fsm
default
Configures the default setting.
Default: Enabled. Same as firewall icmp-fsm.
no
Disables Stateful Firewall ICMP/ICMPv6 FSM checks.
Usage Guidelines
Use this command to enable/disable Stateful Firewall ICMP/ICMPv6 FSM checks. When Stateful Firewall
and ICMP/ICMPv6 FSM are enabled, ICMP/ICMPv6 reply messages for which there is no saved
ICMP/ICMPv6 request message are discarded. ICMP/ICMPv6 error messages (i.e., messages containing an
embedded message) for which there is no saved flow for the embedded message are discarded.
and ICMP/ICMPv6 FSM are enabled, ICMP/ICMPv6 reply messages for which there is no saved
ICMP/ICMPv6 request message are discarded. ICMP/ICMPv6 error messages (i.e., messages containing an
embedded message) for which there is no saved flow for the embedded message are discarded.
Examples
The following command disables Stateful Firewall's ICMP/ICMPv6 FSM checks:
no firewall icmp-fsm
no firewall icmp-fsm
Command Line Interface Reference, Modes E - F, StarOS Release 19
1693
Firewall-and-NAT Policy Configuration Mode Commands
firewall icmp-fsm