Because ICMP packets contain very short messages, there is no legitimate reason for large ICMP packets. If an ICMP packet is unusually large, something is wrong.
Before You Begin |
---|
For background information, read Understanding Large ICMP Packet Protection. |
You can use either J-Web or the CLI configuration editor to block large ICMP packets. The specified security zone is the one from which the ICMP packets originated.
To configure screens:
- user@host# set security screen ids-option icmp-large icmp large

To configure zones:
- user@host# set security zones security-zone zone screen icmp-large
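
The check this kind of screen performs can be reproduced offline to test captures or tune a detection rule. The following is an added example, not Juniper code and not a description of how the device implements the screen; the 1024-byte threshold, the helper names and the sample packets are assumptions made for illustration, since the page does not state the size limit.

```python
import struct

ICMP_PROTO = 1   # IPv4 protocol number for ICMP
UDP_PROTO = 17
# Assumed threshold: the page does not give a size, 1024 bytes is illustrative.
LARGE_ICMP_THRESHOLD = 1024


def build_ipv4(proto, payload_len, src="192.0.2.10", dst="198.51.100.5"):
    """Build a constructed IPv4 packet (checksum left at 0, zero-filled payload)."""
    total_len = 20 + payload_len
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,      # version/IHL, TOS, total length
        0, 0,                    # identification, flags/fragment offset
        64, proto, 0,            # TTL, protocol, header checksum
        bytes(map(int, src.split("."))),
        bytes(map(int, dst.split("."))),
    )
    return header + bytes(payload_len)


def is_large_icmp(packet, threshold=LARGE_ICMP_THRESHOLD):
    """True if the packet is IPv4 ICMP and its IP total length exceeds threshold."""
    if len(packet) < 20:
        return False                      # truncated, no full IPv4 header
    version_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    if version_ihl >> 4 != 4:
        return False                      # not IPv4
    ihl = (version_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return False                      # malformed header length
    return packet[9] == ICMP_PROTO and total_len > threshold


def verdicts(packets, threshold=LARGE_ICMP_THRESHOLD):
    """Return 'drop' or 'pass' for each packet, mirroring the screen's decision."""
    return ["drop" if is_large_icmp(p, threshold) else "pass" for p in packets]


# Constructed sample traffic: a normal ping, an oversized ICMP packet,
# a large UDP packet, and an ICMP packet exactly at the threshold.
SAMPLES = [
    build_ipv4(ICMP_PROTO, 64),
    build_ipv4(ICMP_PROTO, 1400),
    build_ipv4(UDP_PROTO, 1400),
    build_ipv4(ICMP_PROTO, 1004),
]

if __name__ == "__main__":
    print(verdicts(SAMPLES))
```

Only the oversized ICMP packet is flagged; the large UDP packet passes because the check is specific to ICMP, which is why the screen can be applied to a zone without affecting other bulk traffic.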