How to suppress TCP Reset and ICMP Port Unreachable messages
Article: TECH81725 | Created: 2003-01-07 | Updated: 2009-01-26 | Article URL: http://www.symantec.com/docs/TECH81725
Problem
You need to suppress the firewall's default behavior of sending TCP Reset messages in response to disallowed TCP connections and ICMP Port Unreachable messages in response to disallowed UDP connections. You want the firewall to silently drop this traffic instead.
Solution
To suppress TCP Reset and ICMP Port Unreachable messages in Symantec Gateway Security v2.0x and Symantec Enterprise Firewall v8.0:
- Connect to your firewall with the Security Gateway Management Interface (SGMI).
- In the left pane, click Policy.
- In the right pane, on the Advanced tab, select Logical Network Interfaces.
- Highlight the interface you want to suppress messages on.
- Click Properties.
- On the Options tab, check "Suppress Reset and ICMP error messages".
- In the left pane of the Security Gateway Management Interface (SGMI), under Assets, click Network.
- On the Network Interfaces tab, select the interface on which you want to suppress messages, and then click Properties.
- On the General tab, check "Suppress reset and ICMP error messages".
- Click OK.
- Repeat steps 2-4 for the other network interfaces.
Note: This configuration causes the firewall to silently drop disallowed TCP and UDP connection attempts. In addition, these attempts are not logged by the firewall.
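The note above says suppressed attempts are not logged, so the change is easiest to confirm from the client side. The following Python check is an added example, not part of the Symantec article: it probes one TCP and one UDP port and reports whether a rejection message came back or the attempt was silently dropped. The host and ports are supplied by you and are assumed to be ones your policy disallows.

```python
import errno
import socket
import sys


def _probe(sock_type, host, port, timeout, on_refused):
    """Send one probe and classify the firewall's visible reaction."""
    with socket.socket(socket.AF_INET, sock_type) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))          # TCP: handshake; UDP: sets the peer only
            if sock_type == socket.SOCK_DGRAM:
                s.send(b"\x00")              # constructed one-byte payload
                s.recv(1024)                 # an ICMP error surfaces here
            return "answered"
        except ConnectionRefusedError:
            return on_refused                # a rejection message came back
        except socket.timeout:
            return "silent"                  # nothing came back before the timeout
        except OSError as exc:               # e.g. host or network unreachable
            return "other:" + errno.errorcode.get(exc.errno, str(exc.errno))


def probe_tcp(host, port, timeout=3.0):
    """'reset' means a TCP Reset was received for the connection attempt."""
    return _probe(socket.SOCK_STREAM, host, port, timeout, "reset")


def probe_udp(host, port, timeout=3.0):
    """'icmp-unreachable' means an ICMP Port Unreachable was received.
    'silent' is also what an allowed UDP service that never replies looks like."""
    return _probe(socket.SOCK_DGRAM, host, port, timeout, "icmp-unreachable")


def suppression_active(tcp_result, udp_result):
    """True only if neither probe drew a rejection message."""
    return tcp_result == "silent" and udp_result == "silent"


if __name__ == "__main__":
    # Usage: script.py HOST TCP_PORT UDP_PORT, with ports your policy disallows.
    host, tcp_port, udp_port = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    tcp, udp = probe_tcp(host, tcp_port), probe_udp(host, udp_port)
    print(f"tcp/{tcp_port}: {tcp}  udp/{udp_port}: {udp}")
    print("suppressed" if suppression_active(tcp, udp) else "not suppressed")
```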
Legacy ID
2003100713173854