About Unhandled Packets
An unhandled packet is a packet that does not match any policy rule. The Firebox always denies unhandled packets. You can change the device settings to further protect your network.
To modify the unhandled packet configuration, from Fireware Web UI:
- Select Firewall > Default Packet Handling.
  The Default Packet Handling page opens.
- Select or clear the check boxes for these options:
  - Auto-block source IP of unhandled external packets
    Select to automatically block the IP address of the source of unhandled packets received on an external interface. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.
    Use caution with this check box. Selecting this option will block all traffic from a remote host if a packet, such as a ping request, does not match a Firebox policy.
  - Send an error message to clients whose connections are disabled
    Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.
The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.
To modify the unhandled packet configuration, from Policy Manager:
- Click .
Or, select Setup > Default Threat Protection > Default Packet Handling.
  The Default Packet Handling dialog box opens.
- Select or clear the check boxes for these options:
  - Auto-block source IP of unhandled external packets
    Select to automatically block the IP address of the source of unhandled packets received on an external interface. The Firebox adds the IP address that sent the packet to the temporary Blocked Sites list.
    Use caution with this check box. Selecting this option will block all traffic from a remote host if a packet, such as a ping request, does not match a Firebox policy.
  - Send an error message to clients whose connections are disabled
    Select to send a TCP reset or ICMP error back to the client when the Firebox receives an unhandled packet.
The "Auto-block source of packets not handled" option does not apply to broadcast traffic that is dropped as unhandled.
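The caution above can be checked against your own traffic before you select the auto-block check box. This is an added example, not part of the WatchGuard documentation: it lists the sources that would be auto-blocked and flags those that also have permitted traffic. The record format, function names and addresses are constructed assumptions, not a Firebox log format.

```python
"""Estimate the impact of auto-blocking sources of unhandled external packets.

Each record is a constructed, generic tuple (not a Firebox log format):
(source_ip, destination_ip, interface_type, disposition)
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample records, for illustration only.
SAMPLE_RECORDS = [
    ("203.0.113.10", "198.51.100.2", "external", "unhandled"),    # e.g. a ping with no matching policy
    ("203.0.113.10", "198.51.100.2", "external", "allowed"),      # same host, permitted traffic
    ("203.0.113.77", "198.51.100.2", "external", "unhandled"),
    ("203.0.113.77", "198.51.100.2", "external", "unhandled"),
    ("203.0.113.50", "198.51.100.255", "external", "unhandled"),  # broadcast destination
    ("10.0.1.20", "10.0.2.5", "trusted", "unhandled"),            # not an external interface
]


def is_broadcast(dst, networks):
    """True for the limited broadcast address or a known subnet broadcast."""
    addr = ip_address(dst)
    if addr == ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in networks)


def auto_block_impact(records, local_networks):
    """Return (would_block, collateral).

    would_block: source IP -> number of unhandled external packets that
                 would trigger an auto-block (broadcast traffic excluded).
    collateral:  sources in would_block that also have allowed traffic,
                 which they would lose while on the Blocked Sites list.
    """
    networks = [ip_network(n) for n in local_networks]
    triggers = Counter()
    allowed_sources = set()
    for src, dst, iface, disposition in records:
        if disposition == "allowed":
            allowed_sources.add(src)
        elif (disposition == "unhandled" and iface == "external"
              and not is_broadcast(dst, networks)):
            triggers[src] += 1
    return dict(triggers), sorted(set(triggers) & allowed_sources)


if __name__ == "__main__":
    blocked, collateral = auto_block_impact(SAMPLE_RECORDS, ["198.51.100.0/24"])
    print("Would be auto-blocked:", blocked)
    print("Also have allowed traffic:", collateral)
```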
See Statistics on Unhandled Packets
You can see statistics on unhandled packets received by the Firebox on the Visual Display of Policy Usage (Service Watch) in Firebox System Manager. From the Show connections by drop-down list, you can select to show connections by rule instead of policy.
You can use Policy Checker to confirm which connections are handled by Firebox policies. For more information, go to Use Policy Checker to Find a Policy.