diff --git a/vmware_nsxlib/tests/unit/v3/test_security.py b/vmware_nsxlib/tests/unit/v3/test_security.py
index f869e537..34184c56 100644
--- a/vmware_nsxlib/tests/unit/v3/test_security.py
+++ b/vmware_nsxlib/tests/unit/v3/test_security.py
@@ -255,6 +255,27 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase):
                               None, section_id, group_id, False,
                               "ALLOW", rules, {rule_id: target_id})
 
+    def test_create_rule_with_illegal_icmp_0_255(self):
+        rule_id = uuidutils.generate_uuid()
+        rule = {'id': rule_id,
+                'ethertype': 'IPv4',
+                'protocol': 'icmp',
+                'direction': 'egress',
+                'port_range_min': 0,
+                'port_range_max': 255,
+                'remote_ip_prefix': None}
+        rules = [rule]
+        section_id = 'section-id'
+        group_id = 'nsgroup-id'
+        target_id = 'dummy'
+        with mock.patch("vmware_nsxlib.v3.NsxLib.get_version",
+                        return_value="2.4.0"):
+            self.assertRaises(
+                nsxlib_exc.InvalidInput,
+                self.nsxlib.firewall_section.create_section_rules,
+                section_id, group_id, False,
+                "ALLOW", rules, {rule_id: target_id})
+
     def test_create_with_rules(self):
         expected_body = {
             'display_name': 'display-name',
diff --git a/vmware_nsxlib/v3/utils.py b/vmware_nsxlib/v3/utils.py
index 8626afb3..56d1a9d1 100644
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@@ -567,7 +567,7 @@ def validate_icmp_params(icmp_type, icmp_code, icmp_version=4, strict=False):
     if icmp_version != 4:
         # ICMPv6 is currently not supported
         return
-    if icmp_type:
+    if icmp_type is not None:
         if (strict and icmp_type not in
                 constants.IPV4_ICMP_STRICT_TYPES):
             raise nsxlib_exceptions.InvalidInput(