ICMPv6

ICMPv6

The IT Manager is doing some diagnostics and would like to temporarily block the successful replies of ICMP Node information Responses between 2 IPv6 networks.

The ICMP type for ICMP Node information responses is 140. The codes for a successful response is 0.

To configure ICMPv6 – web-based manager:

  1. Go to Policy & Objects > Services and select Create New > Service. 2. Fill out the fields with the following information
Name diagnostic-test1
Service Type Firewall
Show in Service List Enabled
Category Uncategorized
Protocol Type ICMP6
Type 140
  1. Select
  2. Enter the following CLI command:

config firewall service custom edit diagnostic-test1 set protocol ICMP6 set icmptype 140 set icmpcode 0 set visibility enable

end

To verify that the category was added correctly:

  1. Go to Policy & Objects > Services. Check that the services have been added to the services list and that they are correct.
  2. Enter the following CLI command:

config firewall service custom edit <the name of the service that you wish to verify> show full-configuration

This entry was posted in Administration Guides, FortiGate, FortiOS 6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.