• SonicOS 7
• Advanced
  • Changing Between SonicOS and SonicOSX
    • Changing From Classic to Policy Mode
    • Changing From Policy to Classic Mode
  • Detection Prevention
  • Dynamic Ports
  • Source Routed Packets
  • Internal VLAN
  • Access Rule Options
  • IP and UDP Checksum Enforcement
  • Connections
  • IPv6 Advanced Configuration
  • Control Plane Flood Protection
• Flood Protection
  • TCP Settings
    • Layer 3 SYN Flood Protection- SYN Proxy
    • Layer 2 SYN/RST/FIN Flood Protection - MAC Blacklisting
    • WAN DDOS Protection (Non-TCP Floods)
    • TCP Traffic Statistics
  • UDP Settings
  • ICMP Settings
• SSL Control
  • Key Features of SSL Control
  • Key Concepts to SSL Control
  • Caveats and Advisories
  • Configuring SSL Control
  • Custom List
  • Enabling SSL Control on Zones
• Cipher Control
  • TLS Ciphers
    • Blocking/Unblocking Ciphers
    • Filtering Ciphers
      • Selecting Display Options
      • Displaying Ciphers by Strength
      • Displaying Ciphers by Block/Unblock
      • Displaying Ciphers by CBC Mode
      • Displaying Ciphers by TLS Protocol Version
  • SSH Ciphers
• Real-Time Black List (RBL) Filter
  • Configuring the RBL Filter
    • Enabling RBL Blocking
    • Adding RBL Services
    • Configuring User-Defined SMTP Server Lists
      • Configuring a White List
      • Configuring a Black List
    • Testing SMTP IP Addresses

ICMP Settings

To configure ICMP Settings, navigate to Network > Firewall > Flood Protection > UDP > ICMP page.

ICMP Flood Protection for IPv4 version

ICMP Flood Protection functions identically to UDP Flood Protection, except it monitors for ICMPv4/ICMPv6 Flood Attacks. The only difference is that DNS queries are not allowed to bypass ICMP Flood Protection.

To configure ICMP Flood Protection for IPv4 version, navigate to Network > Firewall > Flood Protection > UDP > ICMP > IPv4 tab.

• Enable ICMP Flood Protection – Enables ICMP Flood Protection.

  Enable ICMP Flood Protection must be enabled to activate the other ICMP Flood Protection options.

• ICMP Flood Attack Threshold – The maximum number of ICMP packets allowed per second to be sent to a host, range, or subnet. Exceeding this threshold triggers ICMP Flood Protection. The minimum number is 10, the maximum number is 100000, and the default number is 200.

• ICMP Flood Attack Blocking Time – After the appliance detects the rate of ICMP packets exceeding the attack threshold for this duration of time, ICMP Flood Protection is activated, and the appliance will begin dropping subsequent ICMP packets. The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.

• ICMP Flood Attack Protected Destination List – The destination address object or address group that will be protected from ICMP Flood Attack.

  Select Any to apply the Attack Threshold to the sum of ICMP packets passing through the firewall.

• Click Accept.

ICMP Traffic Statistics

icmp Traffic Statistics

This statistic	Is incremented/displays
Connections Opened	When a connection is opened.
Connections Closed	When a connection is closed.
Total ICMP Packets	With every processed ICMPv4 packet.
Validated Packets Passed	When a ICMPv4 packet passes checksum validation (while ICMPv4 checksum validation is enabled).
Malformed Packets Dropped	When: ICMPv4 checksum fails validation (while ICMPv4 checksum validation is enabled). The ICMPv4 header length is calculated to be greater than the packet’s data length.
Average ICMP Packet Rate (Packets/Sec)	The average number of ICMPv4 Packet Rate per second.
ICMP Floods In Progress	The number of individual forwarding devices currently exceeding the ICMPv4 Flood Attack Threshold.
Total ICMP Floods Detected	The total number of events in which a forwarding device has exceeded the ICMPv4 Flood Attack Threshold.
Total ICMP Flood Packets Rejected	The total number of packets dropped because of ICMPv4 Flood Attack detection. Clicking on the Statistics icon displays a pop-up dialog showing the most recent rejected packets.

To clear and restart the statistics displayed, click Clear Statistics icon.

ICMP Flood Protection for IPv6 version

ICMP Flood Protection functions identically to UDP Flood Protection, except it monitors for ICMPv4/ICMPv6 Flood Attacks. The only difference is that DNS queries are not allowed to bypass ICMP Flood Protection.

To configure ICMP Flood Protection for IPv4 version, navigate to Network > Firewall > Flood Protection > UDP > ICMP > IPv6 tab.

• Enable ICMPv6 Flood Protection – Enables ICMPv6 Flood Protection.

Enable ICMPv6 Flood Protection must be enabled to activate the other ICMPv6 Flood Protection options.

• ICMPv6 Flood Attack Threshold – The maximum number of ICMPv6 packets allowed per second to be sent to a host, range, or subnet. Exceeding this threshold triggers ICMPv6 Flood Protection. The minimum number is 10, the maximum number is 100000, and the default number is 200.
• ICMPv6 Flood Attack Blocking Time – After the appliance detects the rate of ICMPv6 packets exceeding the attack threshold for this duration of time, ICMPv6 Flood Protection is activated, and the appliance will begin dropping subsequent ICMPv6 packets. The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.
• ICMPv6 Flood Attack Protected Destination List – The destination address object or address group that will be protected from ICMPv6 Flood Attack.

Select Any to apply the Attack Threshold to the sum of ICMPv6 packets passing through the firewall.

• Click Accept.

ICMPv6 Traffic Statistics

icmp Traffic Statistics

This statistic	Is incremented/displays
Connections Opened	When a connection is opened.
Connections Closed	When a connection is closed.
Total ICMPv6 Packets	With every processed ICMPv6 packet.
Validated Packets Passed	When a ICMPv6 packet passes checksum validation (while ICMPv6 checksum validation is enabled).
Malformed Packets Dropped	When: ICMPv6 checksum fails validation (while ICMPv4 checksum validation is enabled). The ICMPv6 header length is calculated to be greater than the packet’s data length.
Average ICMP Packet Rate (Packets/Sec)	The average number of ICMPv6 Packet Rate per second.
ICMPv6 Floods In Progress	The number of individual forwarding devices currently exceeding the ICMPv6 Flood Attack Threshold.
Total ICMPv6 Floods Detected	The total number of events in which a forwarding device has exceeded the ICMPv6 Flood Attack Threshold.
Total ICMPv6 Flood Packets Rejected	The total number of packets dropped because of ICMPv6 Flood Attack detection. Clicking on the Statistics icon displays a pop-up dialog showing the most recent rejected packets.

To clear and restart the statistics displayed, click Clear Statistics icon.