Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept important ICMP

Information

You can use the BIG-IP packet filter functionality to enhance network security by enforcing an access policy on traffic ingressing or egressing a VLAN on the BIG-IP system. You must configure packet filter functionality to block CIDR network addresses from the TMOS Shell.

Solution

Log in to tmsh by typing the following command:
tmsh
2. modify /sys db packetfilter.allow.important.icmp value <enable/disable>

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10, CAT|II, CCI|CCI-000054, Rule-ID|SV-74521r2_rule, STIG-ID|F5BI-DM-000003, Vuln-ID|V-60091

Plugin: F5

Control ID: ecc885e966cf92581beceeb610edbc177d7d51ec5457c6fda7d328d0033cc634