After receiving an ICMP packet indicating that a network or host is unreachable, certain systems directly regard that follow-up packets to the network or the host cannot reach the destination, and therefore break the connection between the host and the destination. Knowing this, attackers forge ICMP unreachable packets to break the connections between victims and destinations to launch attacks.
After ICMP unreachable packet attack defense is enabled, the FW discards ICMP unreachable packets and log attacks.