Zone Protection Profile Settings—Packet Based Attack Protection
ICMP Ping ID 0
Packet Based Attack Protection
Discard packets if the ICMP ping packet has an identifier value of 0.
Discard packets that consist of ICMP fragments.
ICMP Large Packet (>1024)
Discard ICMP packets that are larger than 1024 bytes.
Discard ICMP embedded with error message
Discard ICMP packets that are embedded with an error message.
Suppress ICMP TTL Expired Error
Stop sending ICMP TTL expired messages.
Suppress ICMP Frag Needed
Stop sending ICMP fragmentation needed messages in response to packets that exceed the interface MTU and have the do not fragment (DF) bit set. This setting will interfere with the PMTUD process performed by hosts behind the firewall.