The firewall defend large-icmp enable command enables the large ICMP packet attack defense.
The undo firewall defend large-icmp enable command disables the large ICMP packet attack defense.
By default, the large ICMP packet attack defense is disabled.
The maximum length of allowed ICMP packets can be configured as required. When the actual ICMP packet length exceeds the value, the device considers that the large ICMP packet attack takes place, discards the packet, and reports an attack log.