Archived
TD0132: FFW_ACL_EXT.1, FFW_DPI_EXT.1 - ICMP Filtering Removed
Publication Date
2016.12.14
Protection Profiles
CPP_ND_SBC_EP_V1.0
Other References
CPP_ND_SBC_EP_V1.0, FFW_ACL_EXT.1, FFW_DPI_EXT.1
Issue Description
The FFW_ACL_EXT.1 and FFW_DPI_EXT.1 requirement mandates that the TOE perform ICMP filtering. The level of granularity included for the filtering requirements are more akin to a general purpose firewall, which an SBC is not. Since the SBC is a specific use case and not a general purpose firewall, the requirement should be updated to reflect this. Resolution
All references to ICMP can be removed from the FFW_ACL_EXT.1 and FFW_DPI_EXT.1 requirements. Justification
ICMP filtering is not a functionality included in Session Border Controllers. This has been updated in EP_SBC_V1.1. |