Allowing embedded ICMP packets

Feature(s) and their supported products/applications:

[Collapse All]

[Expand All]

Security flow allows embedded ICMP packets to pass through your device even when there is no session match. By default, an embedded ICMP packet is dropped if it does not match any session. Use the allow-embedded-icmp statement at the [edit security flow] hierarchy level to enable this feature. Once enabled, all packets encapsulated in ICMP pass through and no policy affects this behavior. This feature is useful when you have asymmetric routing in your network and you want to use traceroute and other ICMP applications on your device.

Product / Application	Software	Introduced Release
vSRX	Junos OS	12.1X46-D10
cSRX	cSRX	20.2R1
SRX300	Junos OS	15.1X49-D35
SRX320	Junos OS	15.1X49-D35
SRX340	Junos OS	15.1X49-D35
SRX345	Junos OS	15.1X49-D35
SRX380	Junos OS	20.1R1
SRX550	Junos OS	12.3X48-D10
SRX550 HM	Junos OS	15.1X49-D30
SRX1500	Junos OS	15.1X49-D30
SRX1600	Junos OS	23.4R1
SRX2300	Junos OS	23.4R1
SRX4100	Junos OS	15.1X49-D65
SRX4120	Junos OS	25.2R1
SRX4200	Junos OS	15.1X49-D65
SRX4300	Junos OS	24.2R1
SRX4600	Junos OS	17.4R2
SRX4700	Junos OS	24.4R1-S2
SRX5400	Junos OS	12.3X48-D10
SRX5600	Junos OS	12.3X48-D10
SRX5800	Junos OS	12.3X48-D10

Feature Explorer AI

Allowing embedded ICMP packets

404: Page not found.

Allowing embedded ICMP packets