[x]

Configuring ASPF > Enabling ICMP error message sending for packet dropping by security policies applied to zone pairs

 

 Next

Enabling ICMP error message sending for packet dropping by security policies applied to zone pairs

By default, the device drops packets that do not match security policies applied to zone pairs, and it does not send ICMP error messages for the dropping events. This mechanism reduces useless packets transmitted over the network and saves bandwidth.

Enable this feature when you use traceroute, for ICMP error messages in this situation are required.

To enable the device to send ICMP error messages for packet dropping by security policies applied to zone pairs:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable the device to send ICMP error messages for packet dropping by security policies applied to zone pairs.

aspf icmp-error reply

By default, the device does not send ICMP error messages when the device drops packets that do not match security policies applied to zone pairs.

prev

 

up

 next

Applying an ASPF policy to a zone pair 

home

 Displaying and maintaining ASPF

© Copyright 2017 Hewlett Packard Enterprise Development LP