Icmp Services - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
3.2.3. ICMP Services
Max Sessions
An important parameter associated with a Service is Max Sessions. This parameter is allocated a
default value when the Service is associated with an ALG. The default value varies according to the
ALG it is associated with. If the default is, for example 100, this would mean that only 100
connections are allowed in total for this Service across all interfaces.
For a Service involving, for instance an HTTP ALG, the default value can often be too low if there
are large numbers of clients connecting through the D-Link Firewall. It is therefore recommended to
consider if a higher value is required for a particular scenario.
Using All Services
When setting up rules that filter by services it is possible to use the service grouping all_services to
refer to all protocols. If just referring to the main protocols of TCP, UDP and ICMP then the service
group all_tcpudpicmp can be used.
3.2.3. ICMP Services
Internet Control Message Protocol (ICMP), is a protocol integrated with IP for error reporting and
transmitting control information. The PING service, for example, uses ICMP to test an Internet
connectivity.
ICMP messages are delivered in IP packets, and includes a Message Type that specifies the type,
that is, the format of the ICMP message, and a Code that is used to further qualify the message. For
example, the message type Destination Unreachable, uses the Code parameter to specify the exact
reason for the error.
The ICMP message types that can be configured in NetDefendOS are listed as follows:
•
Echo Request: sent by PING to a destination in order to check connectivity.
•
Destination Unreachable: the source is told that a problem has occurred when delivering a
packet. There are codes from 0 to 5 for this type:
•
Code 0: Net Unreachable
•
Code 1: Host Unreachable
•
Code 2: Protocol Unreachable
•
Code 3: Port Unreachable
•
Code 4: Cannot Fragment
•
Code 5: Source Route Failed
•
Redirect: the source is told that there is a better route for a particular packet. Codes assigned are
as follows:
•
Code 0: Redirect datagrams for the network
•
Code 1: Redirect datagrams for the host
•
Code 2: Redirect datagrams for the Type of Service and the network
•
Code 3: Redirect datagrams for the Type of Service and the host
•
Parameter Problem: identifies an incorrect parameter on the datagram.
•
Echo Reply: the reply from the destination which is sent as a result of the Echo Request.
78
Chapter 3. Fundamentals
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
