ICMP type 3 destination unreachable packet dropped

Description

ICMP type 3 code 3 packets are dropped due to Policy Drop when a server sends a UDP packet with an ICMP reinforce to validate the receiving packet.

A packet capture shows the packets being received, but the Event Log shows they were dropped due to policy.

The packets are ICMP type 3 (Destination Unreachable), code 3 (Port Unreachable).

Cause

The servers communicate over the UDP transport protocol. UDP has no mechanism of its own to inform the sender when a port is unavailable.

ICMP is used for that purpose. When the port is not available on the server, the server responds with ICMP type 3 code 3.

The firewall drops this ICMP packet.
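To confirm from a packet capture which UDP flow a dropped ICMP type 3 code 3 packet refers to, the added example below (not SonicWall code) parses the ICMP payload, which per RFC 792 quotes the original IP header plus the first 8 bytes of the original datagram. The function name, the `_ipv4` helper, and the sample addresses and ports are constructed for illustration.

```python
import socket
import struct

def _ipv4(src, dst, proto, payload):
    # Constructed IPv4 header for the sample (checksum left at 0; parsing does not need it).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)
                       ) + payload

def parse_port_unreachable(pkt: bytes):
    """Return the UDP flow an ICMP type 3 code 3 packet refers to, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:   # protocol 1 = ICMP
        return None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):              # type 3, code 3 only
        return None
    inner = pkt[ihl + 8:]                               # quoted original datagram
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or inner[9] != 17 or len(inner) < inner_ihl + 8:  # 17 = UDP
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    reporter = socket.inet_ntoa(pkt[12:16])
    orig_dst = socket.inet_ntoa(inner[16:20])
    return {
        "reporter": reporter,                    # host that sent the ICMP error
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": orig_dst,
        "orig_sport": sport,
        "closed_port": dport,                    # UDP port reported unreachable
        "reporter_is_orig_dst": reporter == orig_dst,
    }

# Constructed sample: 192.0.2.10:40000 sent UDP to 198.51.100.5:5000 and the
# server answered with ICMP type 3 code 3 quoting that datagram.
_udp = struct.pack("!HHHH", 40000, 5000, 8, 0)
_orig = _ipv4("192.0.2.10", "198.51.100.5", 17, _udp)
SAMPLE = _ipv4("198.51.100.5", "192.0.2.10", 1,
               struct.pack("!BBHI", 3, 3, 0, 0) + _orig)
SAMPLE_ECHO = _ipv4("198.51.100.5", "192.0.2.10", 1,
                    struct.pack("!BBHI", 0, 0, 0, 0))

if __name__ == "__main__":
    print(parse_port_unreachable(SAMPLE))
```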

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


  • Access the internal settings of the firewall and look for ICMP settings.
  • Disable the option: Enable enforcement of Dropping Unreachable ICMP packet.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


  • Access the internal settings of the firewall and look for ICMP settings.
  • Disable the option: Enable enforcement of Dropping Unreachable ICMP packet.
