search cancel

Deployment of 3rd IP on Gateway seems to cause network issue issues


Article ID: 113744


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


I tried to deploy a 3rd Gateway IP on my current linux box so that I can filter an entire service to that IP. Seemed like this went well in regards to the installation, however after running a continues ping on the box, I seemed to get a lot of dropped packets. I need to re-verify if I completed the steps properly, or if I was missing something.


Applies to all Appliance Gateway's


Need to be careful when using PING as a tool to test network stability, many network devices and operating system have setting put in place to avoid  ICMP storms 

The gateway uses iptables to prevent ICMP storms, the default setting will drop packets when more than 2 PING's occur in the same second 


Resolution to allow more ping sessions
Needed to increase how many per-second iptables:
#/etc/init.d/iptables stop
# vi etc/init.d/iptables
[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 2/sec -j ACCEPT
T o
[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec -j ACCEPT
#/etc/init.d/iptables start