Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Mandatory Reject Rules for Invalid Fragments and Fragmented IP Packets


This topic describes how to configure mandatory reject rules for invalid fragments and fragmented IP packets that cannot be reassembled.

  • Before you begin, log in with your root account and edit the configuration.


You can enter the configuration commands in any order and commit all the commands at once.

To configure mandatory reject rules:

  1. Specify the flow configuration to forcefully reassemble the IP fragments.
  2. Delete the screen ID and the IDS options and enable the ICMP fragment IDS option.
  3. Delete the IP layer IDS option and enable the IP fragment blocking IDS option.