The firewall fragment-discard enable command enables the discarding of fragment packets.
The undo firewall fragment-discard enable command disables the discarding of fragment packets.
The device can cache, discard, or directly forward fragments.
By default, both the direct forwarding of fragment packets and the discarding of fragment packets are disabled. That is, fragment packets are cached by default.
After you run the firewall fragment-discard enable command to enable the discarding of fragment packets, the device discards the received fragments.
After you run the firewall fragment-forward enable command to enable the direct forwarding of fragment packets, the device directly forwards the received fragments. If the first fragment that the device receives is the first fragment of the packet, the device enters the normal session process. If the first fragment that the device receives is a subsequent fragment, the device transparently transmits the fragment without entering the session process.
To cache fragment packets, disable both the direct forwarding of fragment packets and the discarding of fragment packets. You can run the firewall fragment-cache-maximum command to set the maximum number of cached fragments for a packet. If the number of fragments of a packet exceeds the specified maximum, the device discards the packet.
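
The three handling modes described above, modelled in Python as an added example (it is not device code and not part of the original reference). FragmentPolicy, the mode strings and the returned labels are hypothetical names, the cache limit of 3 is a constructed value, and reassembly and any other behaviour the text does not describe is not modelled.

```python
import struct
from collections import Counter

def make_header(ident, offset_units, more_fragments):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the demo."""
    flags_off = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident, flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def parse_fragment(header):
    """Return (packet key, is_fragment, is_first_fragment) from an IPv4 header."""
    ver_ihl, _, _, ident, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    more_fragments = bool(flags_off & 0x2000)   # MF flag
    offset = flags_off & 0x1FFF                 # fragment offset, 8-byte units
    return (src, dst, proto, ident), more_fragments or offset > 0, offset == 0

class FragmentPolicy:
    """Hypothetical model of the discard, forward and cache modes."""
    def __init__(self, mode, cache_maximum=3):  # 3 is a constructed value
        self.mode, self.cache_maximum = mode, cache_maximum
        self.seen, self.dropped = Counter(), set()  # per-packet fragment state

    def handle(self, header):
        key, is_fragment, is_first = parse_fragment(header)
        if not is_fragment:
            return "not-a-fragment"
        if self.mode == "discard":
            return "discard"
        self.seen[key] += 1
        if self.mode == "forward":
            if self.seen[key] > 1:
                return "forward"
            return "forward-session" if is_first else "forward-transparent"
        if key in self.dropped or self.seen[key] > self.cache_maximum:
            self.dropped.add(key)               # cache mode: limit exceeded
            return "discard-packet"
        return "cache"

def run(mode, headers, **kwargs):
    policy = FragmentPolicy(mode, **kwargs)
    return [policy.handle(h) for h in headers]

if __name__ == "__main__":
    reordered = [make_header(7, 1, False), make_header(7, 0, True)]  # constructed
    for mode in ("discard", "forward", "cache"):
        print(mode, run(mode, reordered))
```

The out-of-order case is the one to watch in forward mode: a subsequent fragment that arrives first is passed on without entering the session process.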