Why does ICMP error type 3 code 4 not change the MTU on the management interface?

Created On 10/10/22 05:13 AM - Last Modified 10/17/24 09:51 AM


Question


Why does ICMP error type 3 code 4 not change the MTU on the management interface?

Environment


This can be seen when a permitted IP address list is used on the management interface and the IP address of the router/hop sourcing the ICMP error message is not present in the permitted IP list. Packets from the management interface are retransmitted at the same size, and the connection eventually fails.



Answer


Because the permitted IP list is used to control inbound connections on the management interface, the ICMP error message is discarded and has no effect on the MTU. In such cases, either reduce the MTU manually or add the IP/IP range of the router/hop sourcing the ICMP error message to the permitted IP list.
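
To confirm this condition from a management-side packet capture, the following added example (not part of the original article and not Palo Alto Networks code) parses an IPv4 ICMP type 3 code 4 packet and reports whether the router that sent it falls inside a permitted IP list. The function names, sample addresses and packet bytes are constructed for illustration, and the permitted list is assumed to be a plain source-address match.

```python
import ipaddress
import struct

def parse_frag_needed(packet: bytes):
    """Return (router_ip, next_hop_mtu, orig_src, orig_dst) for an IPv4 ICMP
    type 3 code 4 packet, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                       # not IPv4 or not ICMP
    ihl = (packet[0] & 0x0F) * 4          # outer IP header length in bytes
    icmp = packet[ihl:]
    if len(icmp) < 28 or icmp[0] != 3 or icmp[1] != 4:
        return None                       # not "fragmentation needed"
    mtu = struct.unpack("!H", icmp[6:8])[0]   # next-hop MTU field (RFC 1191)
    inner = icmp[8:]                      # IP header of the packet that was too big
    return (ipaddress.ip_address(packet[12:16]), mtu,
            ipaddress.ip_address(inner[12:16]), ipaddress.ip_address(inner[16:20]))

def check(packet: bytes, permitted):
    """Report the sending router, its advertised MTU, and whether the router's
    source address is covered by the permitted list (assumed source match)."""
    info = parse_frag_needed(packet)
    if info is None:
        return None
    router, mtu = info[0], info[1]
    nets = [ipaddress.ip_network(p, strict=False) for p in permitted]
    return {"router": str(router), "mtu": mtu,
            "permitted": any(router in n for n in nets)}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header for the constructed sample (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

# Constructed sample: router 198.51.100.1 tells management IP 192.0.2.10 that
# its 1500-byte TCP packet to 203.0.113.50 needs a 1400-byte MTU.
ORIG = ipv4_header("192.0.2.10", "203.0.113.50", 6, 1480) + bytes(8)
ICMP = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + ORIG
SAMPLE = ipv4_header("198.51.100.1", "192.0.2.10", 1, len(ICMP)) + ICMP

if __name__ == "__main__":
    print(check(SAMPLE, ["192.0.2.0/24"]))                  # router not listed
    print(check(SAMPLE, ["192.0.2.0/24", "198.51.100.1"]))  # router added
```

A result with `permitted` set to false identifies the router address that has to be added to the list, and `mtu` is the value to use if the MTU is reduced manually instead.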
 
 


Additional Information


The same behaviour applies to all ICMP error messages.
