Fortinet white logo
Fortinet white logo

Hyperscale Firewall Guide

htx-icmp-csum-chk { drop | pass}

htx-icmp-csum-chk { drop | pass}

You can use the following command to configure NP7 processors to send ICMP packets with checksum errors to the CPU:

config system npu

config fp-anomaly

set icmp-csum-err trap-to-host

end

You might set up this configuration if you have configured a DoS firewall policy that includes ICMP DoS protection.

In addition to the above configuration, you can use the following command to block or allow NP7 processors to send ICMP packets with checksum errors to the CPU:

config system npu

set htx-icmp-csum-chk {drop | pass}

end

drop block ICMP packets with checksum errors. This is the default setting.

pass forward ICMP packets with checksum errors to the CPU.

htx-icmp-csum-chk { drop | pass}

htx-icmp-csum-chk { drop | pass}

You can use the following command to configure NP7 processors to send ICMP packets with checksum errors to the CPU:

config system npu

config fp-anomaly

set icmp-csum-err trap-to-host

end

You might set up this configuration if you have configured a DoS firewall policy that includes ICMP DoS protection.

In addition to the above configuration, you can use the following command to block or allow NP7 processors to send ICMP packets with checksum errors to the CPU:

config system npu

set htx-icmp-csum-chk {drop | pass}

end

drop block ICMP packets with checksum errors. This is the default setting.

pass forward ICMP packets with checksum errors to the CPU.