You can use access control lists to control which packets are authorized to pass through an interface. When a packet matches a rule on the access control list, the rule specifies whether the Branch Gateway:

• Accepts the packet or drops the packet.

• Sends an ICMP error reply if it drops the packet.

• Sends an SNMP trap if it drops the packet.