Help
Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
nsamuel
Staff
Staff

Created on ‎01-13-2016 10:38 PM

Article Id 198294

Meru Technical Note - Configuring a drop QoS rule for blocking Ping or ICMP traffic

Description

Configuring a drop QoS rule for blocking Ping or ICMP traffic.


Scope

KB ARTICLE TYPE: Configuration

RELATED PRODUCTS: Controller

RELATED SOFTWARE VERSIONS: SD 3.6 and Above.

KEYWORDS: Controller, ICMP, firewall


Solution

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite is chiefly used by networked operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.

CONFIGURATION STEPS:

To configure QoS rules from the GUI, follow these steps:

Step 1: Configure QoS rule for the traffic destined for a specific subnet.

1. Click Configuration > QoS > System Settings > QoS and Firewall Rules (tab).

2. Click Add. The screen below appears.

3. ID : Unique Number

4. Destination IP : 10.10.10.0

5. Destination Netmask : 255.255.255.0

6. Net Protocol : 1

7. QoS Protocol : None

8. In the Action list: Drop

9. Match Checkbox: For any field text box with the corresponding Match checkbox selected,

10. To add the QoS rule, click OK.

Step 2: Configure QoS rule for traffic originating from a specific subnet.

1. Click Configuration > QoS > System Settings > QoS and Firewall Rules (tab).

2. Click Add. The screen below appears.

3. ID : Unique Number

4. Source IP : 10.10.10.0

5. Source Netmask : 255.255.255.0.

6. Net Protocol : 1

7. QoS Protocol : None

8. In the Action list: Drop

9. Match Checkbox: For any field text box with the corresponding Match checkbox selected,

10. To add the QoS rule, click OK.

Configuring QOS rule through CLI:

Step 1: Configure QoS rule for the traffic destined for a specific subnet.

controller#(config)# qosrule id netprotocol 1 qosprotocol none

controller(config-qosrule)# dstip 10.10.10.0

controller(config-qosrule)# dstmask 255.255.255.0

controller(config-qosrule)# action drop

controller(config-qosrule)# end

Step 2: Configure QoS rule for traffic originating from a specific subnet.

controller#(config)# qosrule id netprotocol 1 qosprotocol none

controller(config-qosrule)# srcip 10.10.10.0

controller(config-qosrule)# srcmask 255.255.255.0

controller(config-qosrule)# action drop

controller(config-qosrule)# end

TEST RESULTS: ICMP traffic is blocked.


Labels:
799
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.