To instruct the firewall to drop certain ICMP packets it receives in the zone, select the following settings to enable them.
Zone Protection Profile Settings—Packet Based Attack Protection
ICMP Ping ID 0
NetworkNetwork ProfilesZone ProtectionPacket Based Attack ProtectionICMP Drop
Discard packets if the ICMP ping packet has an identifier value of 0.
Discard packets that consist of ICMP fragments.
ICMP Large Packet (>1024)
Discard ICMP packets that are larger than 1024 bytes.
Discard ICMP embedded with error message
Discard ICMP packets that are embedded with an error message.
Suppress ICMP TTL Expired Error
Stop sending ICMP TTL expired messages.
Suppress ICMP Frag Needed
Stop sending ICMP fragmentation needed messages in response to packets that exceed the interface MTU and have the do not fragment (DF) bit set. This setting will interfere with the PMTUD process performed by hosts behind the firewall.
ICMP Internet Control Message Protocol (ICMP) ( RFC 792 ) is another one of the main protocols of the Internet Protocol suite; it operates at ...
Zone Protection for a Virtual Wire Interface
You can provide virtual wire interfaces with zone protection; a few packet-based attack protections that are based on IP addresses don’t apply to virtual wire ...
Security Policy Rules Based on ICMP and ICMPv6 Packets
Security Policy Rules Based on ICMP and ICMPv6 Packets The firewall forwards ICMP or ICMPv6 packets only if a security policy rule allows the session ...
IPv6 Drop To instruct the firewall to drop certain IPv6 packets it receives in the zone, select the following settings to enable them. Zone Protection ...
IP Drop To instruct the firewall what to do with certain IP packets it receives in the zone, specify the following settings. Zone Protection Profile ...
Packet-Based Attack Protection
Packet-Based Attack Protection Packet-based attacks take many forms. Zone protection profiles check IP, TCP, ICMP, IPv6, and ICMPv6 packet header parameters and protect a zone ...
Flood Protection Network > Network Profiles > Zone Protection > Flood Protection Configure a profile that provides flood protection against SYN, ICMP, ICMPv6, and UDP ...
Packet Based Attack Protection
Packet Based Attack Protection Network > Network Profiles > Zone Protection > Packet Based Attack Protection You can configure Packet Based Attack protection to drop ...
Session Settings The following table describes session settings. Session Settings Description Rematch Sessions Click Edit and select Rematch Sessions to cause the firewall to apply ...