To instruct the firewall to drop certain IPv6 packets it receives in the zone, select the following settings to enable them.
Zone Protection Profile Settings—Packet Based Attack Protection
Type 0 Routing Heading
NetworkNetwork ProfilesZone ProtectionPacket Based Attack ProtectionIPv6 Drop
Discard IPv6 packets containing a Type 0 routing header. See RFC 5095 for Type 0 routing header information.
IPv4 compatible address
Discard IPv6 packets that are defined as an RFC 4291 IPv4-Compatible IPv6 address.
Anycast source address
Discard IPv6 packets that contain an anycast source address.
Needless fragment header
Discard IPv6 packets with the last fragment flag (M=0) and offset of zero.
MTU in ICMP ‘Packet Too Big’ less than 1280 bytes
Discard IPv6 packets that contain a Packet Too Big ICMPv6 message when the maximum transmission unit (MTU) is less than 1,280 bytes.
Discard IPv6 packets that contain the Hop-by-Hop Options extension header.
Discard IPv6 packets that contain the Routing extension header, which directs packets to one or more intermediate nodes on its way to its destination.
Discard IPv6 packets that contain the Destination Options extension, which contains options intended only for the destination of the packet.
Invalid IPv6 options in extension header
Discard IPv6 packets that contain invalid IPv6 options in an extension header.
Non-zero reserved field
Discard IPv6 packets that have a header with a reserved field not set to zero.
IP Drop To instruct the firewall what to do with certain IP packets it receives in the zone, specify the following settings. Zone Protection Profile ...
Networking Features New Networking Features Description Tunnel Content Inspection The firewall can now inspect the traffic content of cleartext tunnel protocols: Generic Routing Encapsulation (GRE) ...
OSPFv3 OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. As such, it provides support for IPv6 addresses and prefixes. It retains ...
TCP Drop To instruct the firewall what to do with certain TCP packets it receives in the zone, specify the following settings. Zone Protection Profile ...
Building Blocks in a Tunnel Inspection Policy
Building Blocks in a Tunnel Inspection Policy The following table describes the fields you configure for a Tunnel Inspection policy. Building Blocks in a Tunnel ...
Configure Tunnel Content Inspection
Configure Tunnel Content Inspection Perform this task to configure tunnel content inspection for a tunnel protocol that you allow in a tunnel. Create a Security ...
Packet-Based Attack Protection
Packet-Based Attack Protection Packet-based attacks take many forms. Zone protection profiles check IP, TCP, ICMP, IPv6, and ICMPv6 packet header parameters and protect a zone ...
ICMP Drop To instruct the firewall to drop certain ICMP packets it receives in the zone, select the following settings to enable them. Zone Protection ...