I'm wondering if anyone else is seeing this behavior...

My Z100G appears to be passing ICMPs, even though I have it configured in high security with a blocking rule. I've added a rule that blocks all ICMPs from WAN to LAN, and the only rule above that rule blocks ICMPs from my DSL modem to the gateway.

The blocking rule is supposed to log any attempts it blocks. It never logs anything.

Instead, I periodically see ICMP type 3.1, 3.3, 3.10, 3.13, and 11.0 coming from external ip addresses and reaching a firewall that is on my LAN (on the LAN side of my Z100G). I'm glad I've got the internal firewall to see them.

I submitted a trouble report to Sofaware six months ago, but they don't appear to understand the problem, because we keep going around in circles with the diagnostics.

My current theory is that these ICMPs are being passed because the Z100G thinks they are part of a stateful connection. That may be a limitation of the way the Z100G firewall works, or it may be a bug... I can't quite figure it out and haven't gotten a clear picture from Sofaware.

So again: is anyone else seeing ICMPs get past the Z100G? (You'd have to have an internal firewall or sniffer to see them.)

An update:

I do have someone on the case at Sofaware these days. He's trying to set up a testbed to duplicate the phenomenon. The ICMPs come very infrequently, and I'm starting to wonder if they are the result of network traffic jams during a stateful connection.

I'll post more as it happens...

Another update:

I've been out sick (away from the computer) for a while.

Sofaware has decided to close the trouble ticket, and apparently wasn't able to duplicate the problem I've documented.

I continue to suspect it's due to random traffic issues at intermediate routers. Those routers are sending back various ICMPs, which the Z100G passes through, even when it's told not to. I suspect it passes them because it thinks they are part of a stateful connection.