Fortinet black logo

Handbook

Home FortiDDoS-F 6.3.3 Handbook

ICMP Profile

6.3.3
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1
Copy Link
Copy Doc ID 369dfb00-033f-11ed-bb32-fa163e15d75b:142401
Download PDF

ICMP Profile

Use the ICMP Profile to configure various ICMP parameters.

Use a single ICMP Profile for all SPPs unless you need specialized ACLs.

All ICMP Profile parameters can be used with symmetric or asymmetric traffic

You can create a maximum of 64 ICMP Profiles.

Field/Selection

Description

Recommendations

(For Web Servers, Firewalls, DNS Servers)
Name 1-35 characters (a-Z, 0-9, "-", "_" only)

ICMP Strict Anomalies

Drops ICMP Checksum Error, missing payload and other ICMP header anomalies.

Recommended enabled for all SPPs.
ICMP Type Code Anomaly Drops ICMP Type/Code packets where the Type/Code is not ratified by IETF/IANA. Note, less than 200 of the possible 65,536 Type/Code possibilities are ratified. FortiDDoS sets Thresholds for all 65,536 Type/Codes and will mitigate without the ACL but this will drop even single non-ratified packets. Recommended enabled for all SPPs unless substantial IPv6 traffic. New IPv6 Types/Codes are being added frequently. If you are using substantial IPv6, use the existing ICMP Type/Code Thresholds.

ICMP Type Code ACL

Enable to create ICMP Type Code ACLs.

Expert use
  • Name

1-35 characters (a-Z, 0-9, "-", "_" only)

  • ICMP Type Start

0-255
  • ICMP Type End

0-255
  • ICMP Code Start

0-255
  • ICMP Code End

0-255
  • ICMP Version

Select either or both ICMP (v4 - Protocol 1) or ICMPv6 (Protocol 58)

Previous
Next

ICMP Profile

Use the ICMP Profile to configure various ICMP parameters.

Use a single ICMP Profile for all SPPs unless you need specialized ACLs.

All ICMP Profile parameters can be used with symmetric or asymmetric traffic

You can create a maximum of 64 ICMP Profiles.

Field/Selection

Description

Recommendations

(For Web Servers, Firewalls, DNS Servers)
Name 1-35 characters (a-Z, 0-9, "-", "_" only)

ICMP Strict Anomalies

Drops ICMP Checksum Error, missing payload and other ICMP header anomalies.

Recommended enabled for all SPPs.
ICMP Type Code Anomaly Drops ICMP Type/Code packets where the Type/Code is not ratified by IETF/IANA. Note, less than 200 of the possible 65,536 Type/Code possibilities are ratified. FortiDDoS sets Thresholds for all 65,536 Type/Codes and will mitigate without the ACL but this will drop even single non-ratified packets. Recommended enabled for all SPPs unless substantial IPv6 traffic. New IPv6 Types/Codes are being added frequently. If you are using substantial IPv6, use the existing ICMP Type/Code Thresholds.

ICMP Type Code ACL

Enable to create ICMP Type Code ACLs.

Expert use
  • Name

1-35 characters (a-Z, 0-9, "-", "_" only)

  • ICMP Type Start

0-255
  • ICMP Type End

0-255
  • ICMP Code Start

0-255
  • ICMP Code End

0-255
  • ICMP Version

Select either or both ICMP (v4 - Protocol 1) or ICMPv6 (Protocol 58)

Previous
Next