To instruct the firewall to drop certain ICMP packets it receives in the zone, select the following settings to enable
Zone Protection Profile Settings—Packet Based Attack Protection
ICMP Ping ID 0
Discard packets if the ICMP ping packet has an identifier value of 0.

Discard packets that consist of ICMP fragments.

ICMP Large Packet (>1024)
Discard ICMP packets that are larger than

Discard ICMP embedded with error message
Discard ICMP packets that are embedded with an error message.

Suppress ICMP TTL Expired Error
Stop sending ICMP TTL expired messages.

Suppress ICMP Frag Needed
Stop sending ICMP fragmentation needed messages in response to packets that exceed the interface MTU and have the do not fragment (DF) bit set. This setting will interfere with the PMTUD process performed by hosts behind the firewall.
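
The following is an added example, not the firewall vendor's code: a simplified Python model that reports which of the drop settings above an IPv4 packet would match, for checking sample traffic before a setting is enabled. Assumptions: size is the IPv4 total length in bytes, "ping" means echo request (type 8), "embedded with an error message" means the RFC 792 error types, and the label for the fragment check is descriptive; the function names and sample packets are constructed. The two Suppress settings govern what the firewall itself sends and are not modeled.

```python
import struct

ICMP_ECHO_REQUEST = 8                 # assumption: "ping" = echo request only
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # RFC 792 error messages (assumption, see lead-in)

def matching_drop_settings(packet):
    """Return the drop settings a raw IPv4 packet would match (simplified model)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return []                                  # not IPv4, or protocol is not ICMP
    ihl = (packet[0] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len, = struct.unpack("!H", packet[2:4])
    flags_frag, = struct.unpack("!H", packet[6:8])
    more_fragments, frag_offset = bool(flags_frag & 0x2000), flags_frag & 0x1FFF
    hits = []
    if more_fragments or frag_offset:
        hits.append("ICMP fragments")              # descriptive label, not a setting name
    if total_len > 1024:                           # assumption: bytes of IPv4 total length
        hits.append("ICMP Large Packet (>1024)")
    # The ICMP header exists only in the first fragment (offset 0).
    if frag_offset == 0 and len(packet) >= ihl + 8:
        icmp_type = packet[ihl]
        ident, = struct.unpack("!H", packet[ihl + 4:ihl + 6])
        if icmp_type == ICMP_ECHO_REQUEST and ident == 0:
            hits.append("ICMP Ping ID 0")
        if icmp_type in ICMP_ERROR_TYPES:
            hits.append("Discard ICMP embedded with error message")
    return hits

def make_packet(icmp_type, ident=0, payload=b"", flags_frag=0):
    """Constructed sample IPv4+ICMP packet; checksums are left at 0 (not verified here)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, flags_frag,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + icmp

if __name__ == "__main__":
    samples = {
        "echo request, id 0": make_packet(8, ident=0),
        "echo request, 1100-byte payload": make_packet(8, ident=7, payload=b"A" * 1100),
        "destination unreachable": make_packet(3),
        "first fragment of an echo request": make_packet(8, ident=5, flags_frag=0x2000),
    }
    for name, pkt in samples.items():
        print(f"{name}: {matching_drop_settings(pkt) or 'no match'}")
```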