About Unhandled Packets

An unhandled packet is a packet that does not match any policy rule. By default, the Firebox always denies unhandled packets. You can change the device settings to further protect your network.

To modify the unhandled packet configuration, from Fireware Web UI:

  1. Select Firewall > Default Packet Handling.
    The Default Packet Handling page appears.

  2. Select or clear the check boxes for these options:

Auto-block source of packets not handled

Select to automatically block the source of unhandled packets. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.

Use caution with this check box. If you select this option, the Firebox blocks all traffic from a remote host when any packet from that host, such as a ping request, does not match a Firebox policy.

Send an error message to clients whose connections are disabled

Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.

The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.

To modify the unhandled packet configuration, from Policy Manager:

  1. Click .
    Or, select Setup > Default Threat Protection > Default Packet Handling.
    The Default Packet Handling dialog box appears.

  2. Select or clear the check boxes for these options:

Auto-block source of packets not handled

Select to automatically block the source of unhandled packets. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.

Use caution with this check box. If you select this option, the Firebox blocks all traffic from a remote host when any packet from that host, such as a ping request, does not match a Firebox policy.

Send an error message to clients whose connections are disabled

Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.

The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.
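
You can check the effect described in the caution above before you enable the option. This added example (not WatchGuard code) is a simplified Python model of the behavior described on this page. The policy set, addresses, packet list, the blocked-sites-first evaluation order, and the absence of block expiry are assumptions.

```python
"""Simplified model of auto-blocking unhandled packets (added example, not Firebox code)."""
from ipaddress import ip_address, ip_network

# Assumed policy set: (protocol, destination port) pairs that some policy allows.
POLICIES = {("tcp", 443), ("tcp", 25)}
# Assumed broadcast destinations for the constructed 203.0.113.0/24 network.
BROADCASTS = {ip_address("255.255.255.255"),
              ip_network("203.0.113.0/24").broadcast_address}

# Constructed packets: (source, destination, protocol, destination port).
SAMPLE = [
    ("198.51.100.7", "203.0.113.10", "icmp", None),   # ping, matches no policy
    ("198.51.100.7", "203.0.113.10", "tcp", 443),     # same host, allowed service
    ("198.51.100.9", "203.0.113.255", "udp", 137),    # broadcast, matches no policy
    ("198.51.100.9", "203.0.113.10", "tcp", 443),     # same host, allowed service
    ("192.0.2.50", "203.0.113.10", "tcp", 23),        # matches no policy
]

def evaluate(packets, auto_block=False):
    """Return (verdict per packet, set of auto-blocked sources)."""
    blocked, verdicts = set(), []
    for src, dst, proto, dport in packets:
        if src in blocked:                      # assumed: blocked sites checked first
            verdicts.append("deny (blocked site)")
        elif (proto, dport) in POLICIES:
            verdicts.append("allow")
        else:                                   # unhandled: denied by default
            verdicts.append("deny (unhandled)")
            if auto_block and ip_address(dst) not in BROADCASTS:
                blocked.add(src)                # broadcast drops never auto-block
    return verdicts, blocked

def lockout_candidates(packets):
    """Sources whose policy-matching traffic is denied only with auto-block on."""
    off, _ = evaluate(packets, auto_block=False)
    on, _ = evaluate(packets, auto_block=True)
    return sorted({p[0] for p, a, b in zip(packets, off, on)
                   if a == "allow" and b != "allow"})

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE, auto_block=True)[0]):
        print(pkt, "->", verdict)
    print("would lose allowed access:", lockout_candidates(SAMPLE))
```

In this model the host that sent the ping loses its otherwise allowed HTTPS connection, while the host whose only unhandled packet was a broadcast keeps its access.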

See Statistics on Unhandled Packets

You can see statistics on unhandled packets received by the Firebox on the Visual Display of Policy Usage (Service Watch) in Firebox System Manager. From the Show connections by drop-down list, you can select to show connections by rule instead of policy.

You can use Policy Checker to confirm which connections are handled by Firebox policies. For more information, see Use Policy Checker to Find a Policy.

See Also 

About Blocked Sites

About Default Packet Handling Options
