- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
What is the meaning of the following firewall history entries? How can these limits be changed?
"Block Size Limit Exceeded" (associated with Event-ID 4012 - "FW Large ICMP Packet Dumped")
"Rate Limit Exceeded" (associated with Event-ID 4002 - "FW Flood Ping Protection Activated")
The entry "Block Size Limit Exceeded" indicates that the maximum ping size (default: 10000 bytes) has been reached.
The entry "Rate Limit Exceeded" indicates that the delay between individual pings has fallen below the configured minimum (default: 10 ms).
The effective default values are configured in the ICMP (Global) object of a firewall rule set.
1) To change these values browse to "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Affected Services" > "<Servicename>" > "Forwarding Rules" > "Services Objects".
2) Edit the ICMP (Global) Object.
3) The following parameters in the ICMP Echo section influence the described Access Cache entries:
- Increasing the "Max Ping Size" value will most probably reduce "Block Size Limit Exceeded" entries.
- Decreasing the "Min Delay" value will most probably reduce "Rate Limit Exceeded" entries.
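
To estimate the effect of new values before editing the object, the two checks can be modelled offline. The following is an added example, not vendor code: it is a simplified model that assumes the delay is measured per source address between consecutive echo requests and that a ping is oversized when it is larger than "Max Ping Size"; the function names and the sample events are constructed for illustration.

```python
from collections import Counter

MAX_PING_SIZE = 10000  # bytes, default stated in this article
MIN_DELAY_MS = 10      # milliseconds, default stated in this article

def classify(events, max_size=MAX_PING_SIZE, min_delay_ms=MIN_DELAY_MS):
    """Return one verdict per event.

    events: list of (time_ms, source, size_bytes), sorted by time.
    Assumption: delay is tracked per source against the previous ping seen.
    """
    last_seen = {}
    verdicts = []
    for time_ms, source, size in events:
        previous = last_seen.get(source)
        last_seen[source] = time_ms
        if size > max_size:
            verdicts.append("Block Size Limit Exceeded")
        elif previous is not None and time_ms - previous < min_delay_ms:
            verdicts.append("Rate Limit Exceeded")
        else:
            verdicts.append("pass")
    return verdicts

def summarize(events, **limits):
    """Count verdicts so candidate limits can be compared side by side."""
    return Counter(classify(events, **limits))

# Constructed sample traffic: (time in ms, source address, ICMP size in bytes)
SAMPLE = [
    (0, "10.0.0.5", 64),
    (4, "10.0.0.5", 64),      # 4 ms after the previous ping from this source
    (6, "10.0.0.9", 64),      # first ping from a second source
    (20, "10.0.0.5", 64),
    (40, "10.0.0.5", 12000),  # larger than the default Max Ping Size
    (45, "10.0.0.9", 1472),
    (48, "10.0.0.9", 1472),   # 3 ms after the previous ping from this source
]

if __name__ == "__main__":
    print("defaults:        ", dict(summarize(SAMPLE)))
    print("16000 B / 2 ms:  ", dict(summarize(SAMPLE, max_size=16000, min_delay_ms=2)))
```
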