ICMP type 3 destination unreachable packet dropped

Description

ICMP type 3 Code 3 are dropped due to Policy Drop when a server sends a UDP packet with an ICMP reinforce to validate the receiving packet.

Packet capture shows the packets are being received but Event Log shows the packet was dropped due to policy.

The packets are ICMP type 3 (Destination unreachable) code 3 (Port unreachable)

Cause

Servers communicate via UDP transport protocol. UDP doesn't have a transport method to inform when a port is unavailable.

The ICMP packet is used for that purpose. When the port is not available on the server it responds with ICMP type 3 code 3

We will drop the ICMP packet.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


  • Access the internal settings of the firewall and look for ICMP settings.
  • Disable option: Enable enforcement of Dropping Unreachable ICMP packet .
    Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


  • Access the internal settings of the firewall and look for ICMP settings.
  • Disable option: Enable enforcement of Dropping Unreachable ICMP packet .Image

Related Articles

  • How to configure Link Aggregation
    Read More
  • Web Proxy Forwarding is not Supported to a Server on the LAN
    Read More
  • アプリケーション制御を使用して ICMP(Ping)をブロックする方法
    Read More

Categories

Firewalls
NSa Series
Firmware
not finding your answers?
Ask the Community