Firewall – Juniper firewall – large pings for testing

firewall, juniper, ping

Is there a way to permit ping packets larger than 1472 through a Juniper SSG520M firewall?

"Ping of Death" and "Large Size ICMP Packet" protection has already been disabled under the 'Screening' options.

I need to be able to ping from the Trust side to the Untrust side (and perhaps vice versa) with packets larger than 1500 (i.e. ping 192.168.1.1 -l 4096) so I can force fragmentation.

Best Answer

Note that Linux ping by default these days seems to set the don't fragment bit. Check the man page for your implementation (as there are several depending on distribution, sigh).

For the "iputils" version you want the "-M dont" option.
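As an added illustration (not part of the original question or answer), the sketch below computes which IPv4 fragments a given ping payload size produces, so a capture on the Untrust side can be compared against what should arrive. It assumes a 1500-byte MTU, a 20-byte IPv4 header without options and an 8-byte ICMP header; `fragment_plan` is a hypothetical helper name.

```python
ICMP_HEADER = 8  # ICMP echo header, bytes


def fragment_plan(icmp_payload, mtu=1500, ip_header=20, dont_fragment=False):
    """Return [(offset_in_8_byte_units, total_length, more_fragments), ...].

    icmp_payload is the size given to ping (-l on Windows, -s on iputils).
    An empty list means the datagram is too big and DF forbids fragmenting it.
    """
    ip_payload = icmp_payload + ICMP_HEADER
    if ip_header + ip_payload <= mtu:
        # Fits in one packet: 1472 + 8 + 20 = 1500 is the largest such ping.
        return [(0, ip_header + ip_payload, False)]
    if dont_fragment:
        # DF bit set: nothing crosses the link, so the firewall sees no fragments.
        return []
    # Fragment data must be a multiple of 8 bytes (offset field counts 8-byte units).
    per_fragment = (mtu - ip_header) // 8 * 8
    plan, sent = [], 0
    while sent < ip_payload:
        chunk = min(per_fragment, ip_payload - sent)
        more = sent + chunk < ip_payload
        plan.append((sent // 8, ip_header + chunk, more))
        sent += chunk
    return plan


if __name__ == "__main__":
    for size in (1472, 1473, 4096):
        print(size, fragment_plan(size))
    print("4096 with DF:", fragment_plan(4096, dont_fragment=True))
```
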
