Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.
Before You Begin |
---|
For background information, read Understanding ICMP Fragment Protection. |
To block fragmented ICMP packets, use the JUNOS CLI configuration editor. The specified security zone is the one from which the fragments originated.
- user@host# set security screen icmp-fragment icmp fragment
- user@host# set security zones security-zone zone screen icmp-fragment
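
To find fragmented ICMP in captured traffic, for example before enabling the screen on a zone, the same condition can be checked on raw IPv4 headers. The sketch below is an added example, not Juniper code: it treats a packet as an ICMP fragment when the protocol is 1 and either the More Fragments bit is set or the fragment offset is non-zero. The helper names and sample packets are constructed for illustration.

```python
import struct

ICMP_PROTO = 1
DF_FLAG = 0x4000      # "Don't Fragment" bit; does not indicate a fragment
MF_FLAG = 0x2000      # "More Fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units


def build_ipv4_header(proto, mf=False, df=False, offset=0, payload_len=8):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum 0)."""
    flags_frag = (MF_FLAG if mf else 0) | (DF_FLAG if df else 0) | (offset & OFFSET_MASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))


def is_icmp_fragment(packet):
    """Return True if the IPv4 packet is ICMP and is any fragment of a datagram."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl, _, _, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if proto != ICMP_PROTO:
        return False
    # First and middle fragments carry MF=1; the last has MF=0 but offset > 0.
    return bool(flags_frag & MF_FLAG) or (flags_frag & OFFSET_MASK) != 0


# Constructed sample headers, not taken from real traffic.
SAMPLES = {
    "ICMP echo, unfragmented": build_ipv4_header(ICMP_PROTO),
    "ICMP echo, DF set": build_ipv4_header(ICMP_PROTO, df=True),
    "ICMP first fragment": build_ipv4_header(ICMP_PROTO, mf=True),
    "ICMP last fragment": build_ipv4_header(ICMP_PROTO, offset=185),
    "UDP fragment": build_ipv4_header(17, mf=True),
}


def classify_samples():
    """Map each sample name to whether it is an ICMP fragment."""
    return {name: is_icmp_fragment(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, flagged in classify_samples().items():
        print(f"{name:26s} -> {'ICMP fragment' if flagged else 'ok'}")
```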