Stateful Inspection Settings - D-Link NetDefend DFL-210 User Manual

13.5. Stateful Inspection Settings

LogConnectionUsage
This generates a log message for every packet that passes through a connection that is set up in the
NetDefendOS state-engine. Traffic whose destination is the D-Link Firewall itself, for example
NetDefendOS management traffic, is not subject to this setting.
The log message includes port, service, source/destination IP address and interface. This setting
should only be enabled for diagnostic and testing purposes since it generates unwieldy volumes of
log messages and can also significantly impair throughput performance.
Default: Disabled
ConnReplace
Allows new additions to NetDefendOS's connection list to replace the oldest connections if there is
no available space.
Default: ReplaceLog
LogOpenFails
In some instances where the Rules section determines that a packet should be allowed through, the
stateful inspection mechanism may subsequently decide that the packet cannot open a new
connection. One example of this is a TCP packet that, although allowed by the Rules section and not
being part of an established connection, has its SYN flag off. Such packets can never open new
connections. In addition, new connections can never be opened by ICMP messages other than ICMP
ECHO (Ping). This setting determines if NetDefendOS is to log the occurrence of such packets.
Default: Enabled
LogReverseOpens
Determines if NetDefendOS logs packets that attempt to open a new connection back through one
that is already open. This only applies to TCP packets with the SYN flag turned on and to ICMP
ECHO packets. In the case of other protocols such as UDP, there is no way of determining whether
the remote peer is attempting to open a new connection.
Default: Enabled
LogStateViolations
Determines if NetDefendOS logs packets that violate the expected state switching diagram of a
connection, for instance, getting TCP FIN packets in response to TCP SYN packets.
Default: Enabled
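
The checks behind LogOpenFails, LogReverseOpens and LogStateViolations can be modelled in a few lines. This is an added illustration, not NetDefendOS code: `Packet`, `can_open`, `classify`, the verdict strings and the treatment of SYN+ACK as a handshake reply are assumptions of the model, and the sample packets are constructed.

```python
from collections import namedtuple

ICMP_ECHO = 8  # ICMP type of an ECHO request (ping)
# flags: set of TCP flags that are on; icmp_type: -1 when not ICMP
Packet = namedtuple("Packet", "proto src dst sport dport flags icmp_type",
                    defaults=(0, 0, frozenset(), -1))

def can_open(p):
    """True if this packet is of a kind that may open a new connection."""
    if p.proto == "tcp":
        # Model assumption: SYN+ACK is a handshake reply, not an opener.
        return "SYN" in p.flags and "ACK" not in p.flags
    if p.proto == "icmp":
        return p.icmp_type == ICMP_ECHO
    return True  # UDP and similar: any packet may start a connection

def classify(table, p):
    """Return the verdict for p and update table (dict: 5-tuple -> state)."""
    fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
    rev = (p.proto, p.dst, p.dport, p.src, p.sport)
    if fwd in table:                       # sent by the side that opened it
        return "pass"
    if rev in table:                       # sent by the remote peer
        if p.proto in ("tcp", "icmp") and can_open(p):
            return "reverse_open"          # what LogReverseOpens reports
        if p.proto == "tcp" and table[rev] == "SYN_SENT":
            if "FIN" in p.flags:
                return "state_violation"   # what LogStateViolations reports
            if {"SYN", "ACK"} <= p.flags:
                table[rev] = "ESTABLISHED"
        return "pass"                      # UDP replies cannot be judged
    if not can_open(p):
        return "open_fail"                 # what LogOpenFails reports
    table[fwd] = "SYN_SENT" if p.proto == "tcp" else "OPEN"
    return "open"

def run_demo():
    """Replay constructed packets (documentation addresses) in order."""
    table, a, b = {}, "192.0.2.10", "198.51.100.5"
    pkts = [
        Packet("tcp", a, b, 40000, 80, {"ACK"}),  # SYN off, no connection
        Packet("icmp", a, b, icmp_type=3),        # ICMP but not ECHO
        Packet("tcp", a, b, 40000, 80, {"SYN"}),  # opens a connection
        Packet("tcp", b, a, 80, 40000, {"FIN"}),  # FIN in response to SYN
        Packet("tcp", b, a, 80, 40000, {"SYN"}),  # SYN back through it
        Packet("udp", a, b, 5000, 53),            # opens a connection
        Packet("udp", b, a, 53, 5000),            # reply, passes
    ]
    return [classify(table, p) for p in pkts]
```
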
MaxConnections
Specifies how many connections NetDefendOS may keep open at any one time. Each connection
consumes approximately 150 bytes of RAM. When this setting is dynamic, NetDefendOS will try to
use as many connections as are allowed by the product.
Default: <dynamic>
LogConnections
Specifies how NetDefendOS will log connections:
Chapter 13. Advanced Settings
