The firewall defend tracert enable command enables the Tracert packet attack defense.
The undo firewall defend tracert enable command disables the Tracert packet attack defense.
By default, the Tracert packet attack defense is disabled.
After the Tracert packet attack defense is configured, a FW discards ICMP timeout packets, UDP timeout packets, or destination port unreachable packets. In this way, attackers cannot discover the network topology using commands, such as Tracert.