>
    ICMPv6 Drop
    Focus
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Network
    4. Network > Network Profiles
    5. Network > Network Profiles > Zone Protection
    6. Packet Based Attack Protection
    7. ICMPv6 Drop
    Next-Generation Firewall

    ICMPv6 Drop

    Table of Contents

    ICMPv6 Drop

    To instruct the firewall what to do with certain ICMPv6 packets it receives in the zone, select the following settings to enable them.
    Zone Protection Profile Settings—Packet Based Attack Protection
    Configured In
    Description
    ICMPv6 destination unreachable - require explicit security rule match
    NetworkNetwork ProfilesZone ProtectionPacket Based Attack ProtectionICMPv6 Drop
    Require an explicit Security policy match for Destination Unreachable ICMPv6 messages, even when the message is associated with an existing session.
    ICMPv6 packet too big - require explicit security rule match
    Require an explicit Security policy match for Packet Too Big ICMPv6 messages, even when the message is associated with an existing session.
    ICMPv6 time exceeded - require explicit security rule match
    Require an explicit Security policy match for Time Exceeded ICMPv6 messages, even when the message is associated with an existing session.
    ICMPv6 parameter problem - require explicit security rule match
    Require an explicit Security policy match for Parameter Problem ICMPv6 messages, even when the message is associated with an existing session.
    ICMPv6 redirect - require explicit security rule match
    Require an explicit Security policy match for Redirect Message ICMPv6 messages, even when the message is associated with an existing session.

    © 2025 Palo Alto Networks, Inc. All rights reserved.