icmp-type Object Type
Internet Control Message Protocol (ICMP) object groups can be created to group certain
types of ICMP messages. For example, ICMP messages of ECHO-REQUEST, ECHOREPLY,
and DESTINATION-UNREACHABLE with numerical type values of 8, 0, and 3,
respectively, can be grouped as shown in Example 7-9.
Grouping ICMP Messages
pix(config)# object-group icmp-type icmp-test
pix(config-icmp-type)# icmp-object 0
pix(config-icmp-type)# icmp-object 3
pix(config-icmp-type)# icmp-object 8
Nesting Object Groups
You can add an object group within an object group. The object-group command allows
logical grouping of the same type of objects andicmp-type Object Type construction of hierarchical object groups
for structured configuration. To nest an object group within another object group, use the
group-object command. Example 7-10 illustrates the use of nested object groups.
Configuring Nested Object Groups
pixfirewall(config)# object-group network web-servers
pixfirewall(config-network)# description web servers
pixfirewall(config-network)# network-object host 192.168.1.12
pixfirewall(config-network)# network-object host 192.168.1.14
pixfirewall(config-network)# exit
pixfirewall(config)# object-group network Public-servers
pixfirewall(config-network)# description Public servers
pixfirewall(config-network)# network-object host 192.168.1.18
pixfirewall(config-network)# group-object web-servers
pixfirewall(config-network)# exit