Knowledge Search


What is an illegal packet?

  [KB5656] Show Article Properties

What is an illegal packet?
  • Get counter shows illegal pak incrementing
  • What is an illegal packet?

For ScreenOS 5.4 and later, the 'illegal pak' counter increases under the following conditions:

At the L2 flow level (Transparent mode):
  1. On L2 flow level, if the firewall receives a PPP packet, this counter is incremented because PPP is not supported
  2. Any other L2 packets which are not supported will increment this counter
At the L3 flow level (Route mode):
  1. If TCP SYN check is enabled (set flow tcp-syn-check), and the firewall receives a non-SYN packet
  2. Invalid source or destination IP address ( All Zero or ones)
  3. First packet is a DNS reply
  4. Firewall user authentication limit has exceeded
  5. Wrong TCP length

Related Links: