search cancel

Endpoint Protection: Only allow outbound ping requests and inbound ping responses

book

Article ID: 173285

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You want to prevent Symantec Endpoint Protection (SEP) clients from receiving or responding to ICMP (ping) requests, but still send ping requests and receive ping responses from other computers.

Cause

Internet Control Message Protocol (ICMP) traffic is defined as a unidirectional protocol. This means that the SEP client firewall does not add an allowed outbound ICMP echo request to its state table. Any related inbound ICMP echo responses will be evaluated against the firewall rules directly. Creating a rule that allows outbound ICMP requests will not allow inbound ICMP responses to that request.

Resolution

Create a SEP client firewall rule to allow outgoing ICMP type 8, and incoming ICMP type 0 traffic.