[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Blocking Large ICMP Packets

Because ICMP packets contain very short messages, there is no legitimate reason for large ICMP packets. If an ICMP packet is unusually large, something is wrong.

Before You Begin

For background information, read Understanding Large ICMP Packet Protection.

You can use either J-Web or the CLI configuration editor to block large ICMP packets. The specified security zone is the one from which the ICMP packets originated.

This topic covers:

J-Web Configuration

To configure screens:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Screen, click Edit.
  4. Next to Ids option, click Add new entry.
  5. In the Name box, type icmp-large.
  6. Next to Icmp, click Configure.
  7. Next to Large, select the check box and click OK.
  8. To save and commit the configuration, click Commit.

To configure zones:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type zone.
  6. In the Screen box, type icmp-large and click OK.
  7. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security screen ids-option icmp-large icmp large
user@host# set security zones security-zone zone screen icmp-large

Related Topics


[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]