https://community.sophos.com/utm-firewall/f/management-networking-logging-and-reporting/132074/how-to-block-icmp-timestamp-requestsHi, i know that there already was a similar question here: https://community.sophos.com/utm-firewall/f/network-protection-firewall-nat-qos-ips/117583/blocking-icmp-timestamp-reply-t13-c00-and-t14-c00-not-working However, this doesn&#39;t really help meen-USTelligent Community 12https://community.sophos.com/thread/486810?ContentTypeID=1Thu, 20 Jan 2022 07:28:25 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:684733ba-3059-4d9a-969b-780d5cb23fd2MartinSeener<p>Hi,<br />thanks for the feedback. I know that we did not allow ICMP to go through from external, so this was never a &quot;real&quot; issue.<br />Although I took the time to research and want to quickly describe my findings here for anyone else also looking into this.<br /><br />- You do not need ICMP even at the Firewall level from external usually<br />- You may need it in VPNs when using UDP or when your interfaces don&#39;t use default MTU of 1500 or provide UDP services<br />- ICMP Type 8 is Echo Request (Ping), Type 3 is Dest. not reachable among others (defined in (Sub)codes) which you may need<br /><br />I&#39;ve now disabled global ICMP altogether and only left all 3 Ping checkboxes enabled, as well as the &quot;Let Traceroute from internal to external&quot;. The FW itself it not traceroutable anymore from external.<br /><br />With this all of my IPSec VPNs still work fine, same for Road-Warrior SSL-VPN and other things.<br />So this one is fixed for me now. Thanks for your help!</p><div style="clear:both;"></div>https://community.sophos.com/thread/486781?ContentTypeID=1Wed, 19 Jan 2022 21:15:45 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:1b54ecce-0d32-4576-8ee3-6886ddc9bdc1BAlfson<p>Martin, if you don&#39;t have &#39;<span>Allow ICMP through Gateway from external networks&#39; selected on the &#39;ICMP&#39; tab, I don&#39;t think you have a problem.&nbsp; If you need some ICMP requests to come through, I prefer to make explicit firewall rules for that.</span></p> <p><span>cheers - Bob</span></p><div style="clear:both;"></div>https://community.sophos.com/thread/485819?ContentTypeID=1Sat, 08 Jan 2022 17:25:50 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:13e02a06-4b85-4161-9cc0-d14e8da711e5MartinSeener<p>Hi,<br />yes we do. But the issue is not the network behind it nor the &quot;issue&quot; itself. I know this is super minor to fix but I would like to give potential attackers just one less point of information.<br />I think the &quot;Firewall forward&quot; things are not an issue since most of them only forward from internal to external. The timestamp obtained there is only from the UTM itself.<br /><br />Maybe we can get a solution here.</p><div style="clear:both;"></div>https://community.sophos.com/thread/485809?ContentTypeID=1Sat, 08 Jan 2022 11:35:04 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:5e7ed3b4-94f3-4cad-a0dc-8e6fdeb12b47dirkkotte<p>If you use a private address-range, NATed behind some public IP#s, the problem &quot;...can obtain information about your network...&quot; should not exist.</p> <p>But i disable all &quot;Firewall forward ...&quot; settings without service problems.</p><div style="clear:both;"></div>