About Unhandled Packets

An unhandled packet is a packet that does not match any policy rule. The Firebox always denies unhandled packets. You can change the device settings to further protect your network.

To modify the unhandled packet configuration, from Fireware Web UI:

  1. Select Firewall > Default Packet Handling.
    The Default Packet Handling page opens.


  2. Select or clear the check boxes for these options:

    Auto-block source IP of unhandled external packets

      Select to automatically block the IP address of the source of unhandled packets received on an external interface. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.

      Use caution with this check box. Selecting this option will block all traffic from a remote host if a packet, such as a ping request, does not match a Firebox policy.

    Send an error message to clients whose connections are disabled

      Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.

The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.

To modify the unhandled packet configuration, from Policy Manager:

  1. Click .
    Or, select Setup > Default Threat Protection > Default Packet Handling.
    The Default Packet Handling dialog box opens.


  2. Select or clear the check boxes for these options:

    Auto-block source IP of unhandled external packets

      Select to automatically block the IP address of the source of unhandled packets received on an external interface. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.

      Use caution with this check box. Selecting this option will block all traffic from a remote host if a packet, such as a ping request, does not match a Firebox policy.

    Send an error message to clients whose connections are disabled

      Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.

The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.

See Statistics on Unhandled Packets

You can see statistics on unhandled packets received by the Firebox on the Visual Display of Policy Usage (Service Watch) in Firebox System Manager. From the Show connections by drop-down list, you can select to show connections by rule instead of policy.

You can use Policy Checker to confirm which connections are handled by Firebox policies. For more information, see Use Policy Checker to Find a Policy.
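Before you select the auto-block check box, it helps to know which remote hosts it would affect. The following is an added example, not WatchGuard code: it audits connection records for external sources that sent unhandled packets and also have traffic allowed by a policy, which are the hosts the caution above describes. The record layout, policy name, addresses and external subnet are constructed assumptions, not Firebox log syntax.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, NOT Firebox log syntax. Each tuple is
# (disposition, inbound interface type, source IP, destination IP, policy);
# policy is None when no policy rule matched (an unhandled packet).
SAMPLE_RECORDS = [
    ("allow", "external", "198.51.100.20", "203.0.113.10", "HTTPS-in"),
    ("deny",  "external", "198.51.100.20", "203.0.113.10", None),   # e.g. a ping
    ("deny",  "external", "192.0.2.77",    "203.0.113.10", None),
    ("deny",  "external", "192.0.2.99",    "203.0.113.255", None),  # broadcast
    ("deny",  "trusted",  "10.0.1.5",      "10.0.2.9",     None),   # not external
    ("allow", "external", "198.51.100.44", "203.0.113.10", "HTTPS-in"),
]

# Assumption: subnet of the external interface, used to spot broadcasts.
EXTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")


def is_broadcast(dst):
    """True for the limited broadcast or the external subnet's broadcast."""
    addr = ipaddress.ip_address(dst)
    return dst == "255.255.255.255" or addr == EXTERNAL_NET.broadcast_address


def audit_auto_block(records):
    """Return (would_block, collateral): sources the option would auto-block,
    and the subset that also has connections allowed by a policy."""
    unhandled = set()
    allowed_by = defaultdict(set)
    for disposition, iface, src, dst, policy in records:
        if disposition == "allow" and policy:
            allowed_by[src].add(policy)
        elif (disposition == "deny" and policy is None
              and iface == "external" and not is_broadcast(dst)):
            # Unhandled, external, non-broadcast: the auto-block case.
            unhandled.add(src)
    collateral = {s: sorted(allowed_by[s]) for s in unhandled if s in allowed_by}
    return sorted(unhandled), collateral


if __name__ == "__main__":
    would_block, collateral = audit_auto_block(SAMPLE_RECORDS)
    print("Sources that would be auto-blocked:", would_block)
    for src, policies in sorted(collateral.items()):
        print(f"  {src} also uses {policies}: review before enabling auto-block")
```

Hosts reported as collateral either need a policy that handles the extra traffic they send or should be reviewed before the option is enabled.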

See Also 

About Blocked Sites

About Default Packet Handling Options