• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Firewall
  • Firewall Workflow
• Advanced
  • Changing Between SonicOS
    • Changing From Classic to Policy Mode
    • Changing From Policy to Classic Mode
  • Detection Prevention
  • Dynamic Ports
  • Source Routed Packets
  • Internal VLAN
  • Access Rule Options
  • IP and UDP Checksum Enforcement
  • Jumbo Frame
  • Connections
  • Control Plane Flood Protection
  • IPv6 Advanced Configuration
  • TCP
    • TCP Settings
    • Layer 3 SYN Flood Protection- SYN Proxy
    • Layer 2 SYN/RST/FIN Flood Protection - MAC Blacklisting
    • WAN DDOS Protection (Non-TCP Floods)
    • TCP Traffic Statistics
  • UDP
    • UDP Settings
    • UDP Flood Protection
    • UDP Traffic Statistics
    • UDPV6 Traffic Statistics
  • ICMP
    • ICMP Flood Protection for IPv4 version
    • ICMP Traffic Statistics
    • ICMP Flood Protection for IPv6 version
    • ICMPv6 Traffic Statistics
• Flood Protection
• SSL Control
  • Key Features of SSL Control
  • Key Concepts to SSL Control
  • Caveats and Advisories
  • Configuring SSL Control
  • Custom List
  • Enabling SSL Control on Zones
  • SSL Control Events
• Cipher Control
  • TLS Ciphers
    • Blocking/Unblocking Ciphers
    • Filtering Ciphers
      • Selecting Display Options
      • Displaying Ciphers by Strength
      • Displaying Ciphers by Block/Unblock
      • Displaying Ciphers by CBC Mode
      • Displaying Ciphers by TLS Protocol Version
  • SSH Ciphers
• Real-Time Black List (RBL) Filter
  • Configuring the RBL Filter
    • Enabling RBL Blocking
    • Adding RBL Services
    • Configuring User-Defined SMTP Server Lists
      • Configuring a White List
      • Configuring a Black List
    • Testing SMTP IP Addresses
• Use cases

ICMP Flood Protection for IPv6 version

ICMP Flood Protection functions identically to UDP Flood Protection, except it monitors for ICMPv4/ICMPv6 Flood Attacks. The only difference is that DNS queries are not allowed to bypass ICMP Flood Protection.

To configure ICMP Flood Protection for IPv4 version, navigate to Network > Firewall > Flood Protection > UDP > ICMP > IPv6 tab.

• Enable ICMPv6 Flood Protection – Enables ICMPv6 Flood Protection.

Enable ICMPv6 Flood Protection must be enabled to activate the other ICMPv6 Flood Protection options.

• ICMPv6 Flood Attack Threshold – The maximum number of ICMPv6 packets allowed per second to be sent to a host, range, or subnet. Exceeding this threshold triggers ICMPv6 Flood Protection. The minimum number is 10, the maximum number is 100000, and the default number is 200.
• ICMPv6 Flood Attack Blocking Time – After the appliance detects the rate of ICMPv6 packets exceeding the attack threshold for this duration of time, ICMPv6 Flood Protection is activated, and the appliance will begin dropping subsequent ICMPv6 packets. The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.
• ICMPv6 Flood Attack Protected Destination List – The destination address object or address group that will be protected from ICMPv6 Flood Attack.

Select Any to apply the Attack Threshold to the sum of ICMPv6 packets passing through the firewall.

• Click Accept.