TopJimmy
New Contributor

Block/Deny a Protocol

How would one go about blocking a protocol? I'm referring to these protocols: http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers and not just services. We have a STIG for blocking protocol 41 (IPv6 encapsulation) from outbound traffic.
-TJ
1 REPLY
ede_pfau
Esteemed Contributor III

You can create a custom IPS signature which checks the protocol field (from the FortiOS Handbook):

--protocol {<protocol_int> | tcp | udp | icmp};
Check the IP protocol header. Example: --protocol tcp;

The key here is to check for the numeric protocol ID, either 41 (dec) or 29 (hex). As custom IPS signatures are not very well documented, this takes a bit of testing.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
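The field that the --protocol check in the reply above compares against, shown as an added Python example (not part of the thread or the FortiOS Handbook): it reads the IPv4 Protocol byte from raw packet bytes and flags protocol 41. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

PROTO_IPV6_ENCAP = 41  # decimal 41 == hex 0x29, the value named in the reply


def ipv4_protocol(packet: bytes):
    """Return the IPv4 header's Protocol field, or None if this is not a usable IPv4 header."""
    if len(packet) < 20:
        return None                      # shorter than the minimum IPv4 header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None                      # not IPv4, or header length invalid/truncated
    return packet[9]                     # Protocol is always byte 9; options start at byte 20


def is_protocol_41(packet: bytes) -> bool:
    """True for any IPv4 packet whose Protocol field is 41, whatever the payload."""
    return ipv4_protocol(packet) == PROTO_IPV6_ENCAP


def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0; documentation addresses)."""
    ihl = 5 + len(options) // 4
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0, 64, proto, 0,
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
    )
    return header + options + payload


# Constructed samples, not captured traffic.
INNER_IPV6 = bytes([0x60]) + bytes(39)   # minimal 40-byte IPv6 header, version nibble 6
SAMPLES = {
    "6in4": build_ipv4(41, INNER_IPV6),
    "6in4-with-options": build_ipv4(41, INNER_IPV6, options=b"\x01\x01\x01\x01"),
    "tcp": build_ipv4(6, bytes(20)),
    "udp": build_ipv4(17, bytes(8)),
    "native-ipv6": INNER_IPV6,           # no IPv4 Protocol field to inspect
    "truncated": build_ipv4(41, b"")[:12],
}


def audit(samples: dict) -> list:
    """Names of the samples an outbound protocol-41 block should drop."""
    return sorted(name for name, pkt in samples.items() if is_protocol_41(pkt))


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} protocol={ipv4_protocol(pkt)} block={is_protocol_41(pkt)}")
```

Running the same check over packets captured on the egress interface is one way to confirm that a protocol-41 block is taking effect.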