Forum Discussion
2 minutes ago, Stuart Weenig said:We're arguing semantics now, so i'll bow out.
As far as FR numbers, if you only put it here in the community, it likely didn't get entered into the system, so product didn't even know about it. If you spoke to your CSM about it, they would have put it into the system and good CSMs keep track of those entries. If you did it through the feedback system in the product, it would have made it into the system, but your CSM might not have seen it. Granted, the FR system needs a major overhaul. It's one of the big focuses of our upcoming focus on community (including a new hosting platform).
You can say it is semantics, but ICMP is connectionless and generally firewalls need to do inspection to identify sessions. For ICMP that is the ICMP ID that together with the src and dst address allow firewalls to allow an echo reply response after seeing the outgoing echo. An echo reply that does not match will be dropped since an unsolicited ICMP packet should not just be sent to targets. Because LM has this bug where it uses the same ICMP ID for all ping checks, it trips firewalls that do inspection. If you argue folks should not use firewalls internally, that is battling windmills -- it is very common and getting more so to limit lateral attacks. That each of our tickets has generated zero understanding and a punt to open a feature request is just sad. I am not going to get into the general abilities of our successive CSMs, but if you look at my first referenced you will see the way these things tend to end up.
Related Content
- 3 months ago
- 2 months ago