Note
When the number of incomplete sessions from a same host reaches the maximum value
(Maximum incomplete TCP/UDP sessions number from same host), a security
alert symbol (
the Security section, an alert message next to SPI indicates the security violation. Click Alert
to view the log details on the System > Log page. Click Clear to remove the alert message
from the status page.
This page includes the following settings:
Enable
Enables the SPI features on the router.
Connection Policy
•
Fragmentation half-open wait: Configures the number of seconds that a packet state
structure remains active. When the timeout value expires, the router drops the un-assembled
packet, freeing that structure for use by another packet.
•
TCP SYN wait: Defines how long the software waits for a TCP session to synchronize
before dropping the session.
•
TCP FIN wait: Specifies how long a TCP session is maintained after the firewall detects a
FIN packet.
96
Firewall configuration
) displays on the Security line of the System > Status page. If you open