Details
SonicWALL – Detection Prevention – Never generate ICMP Time-Exceeded packets. The SonicWALL appliance generates Time-Exceeded packets to report when it has dropped a packet because its TTL value has decreased to zero. Select this option if you do not want the SonicWALL appliance to generate these reporting packets.
Solution
Navigate to Firewall Settings->Advanced->Detection Prevention and check off ‘Never generate ICMP Time-Exceeded packets’ and ‘Decrement IP TTL for forwarded traffic’.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system SonicWALL.