| | Specify the type of list you are creating for protocol protection:
Include List—Only the protocols on the list are allowed, in addition to IPv4 (0x0800), IPv6 (0x86DD), ARP (0x0806), and VLAN tagged frames (0x8100). All other protocols are implicitly denied (blocked).
Exclude List—Only the protocols on the list are denied; all other protocols are implicitly allowed. You cannot exclude IPv4 (0x0800), IPv6 (0x86DD), ARP (0x0806), or VLAN tagged frames (0x8100).
Use the Include List to allow only the layer 2 protocols you use and to deny all other protocols. This reduces the attack surface by denying the protocols you don’t use on the network. With the Exclude List, the firewall denies only the protocols that you add to the list and allows all other protocols that are not on the list. If you don’t configure Protocol Protection, all layer 2 protocols are allowed.
|