Hello, I have the firewall UTM home of Sophos but the test of shields up does not pass it. I would like to know how to configure the firewall to not respond to echo reply. Apparently this test does on my router and that's what I do not want. I want you to do it on my firewall. If anyone can help me very grateful in advance. Best regards.
You have NAT and need check option maybe is in dos protection or how this ex. Prevent ICMP Echo Attack.
You probably need to reconfigure your router to pass all connections to another machine. This router/gateway needs to act as old, stupid modem. Some router firmware allow that by bridging.
Is this router provided by the ISP? Many routers provide web interface on some IP address anyway. ISP sometimes does not provide credentials, but: 1. Sometimes there are some workarounds . I can login to mine router via default credentials after disconnecting signal cable and factory reset. After connecting signal cable some configuration options are overwritten by ISP-provided config, but many are left untouched. 2. You can ask ISP technical support for credentials to login.
I've been looking in the manual for your router, and i'm not finding what i'm looking for. Does it have any icmp options under Firewall options? These are the only firewall options I have found so far. Does this match your interface?
I'm not sure what the problem is. I would have to have the firewall, and router to work with. If I find anything I think may help then I will post it. Do you have the manual for your router?
The manual i'm looking at for your router is in Spanish. It is not bringing up the English version. What is your native language?
I don't know if this manual will be of any help since your router is customized for you ISP, but here it is anyway. https://www.cisco.com/c/dam/en/us/td/docs/video/at_home/Cable_Modems/2400_Series/4004836_B.pdf I will post back if I can think of what the problem might be. It's just really difficult to diagnose the problem without access to the router, and firewall. Good Luck!
really - is it important to change router settings which are secure to test if unwanted icmp is dropped? if anything is working as expected - dont change it.