Ipsettings - D-Link NetDefend DFL-210 Cli Reference Manual

3.39.8. IPSettings

IKECRLValidityTime
IKEMaxCAPath
IPsecCertCacheMaxCerts
IPsecBeforeRules
IPsecGWNameCacheTime
DPDMetric
DPDKeepTime
DPDExpireTime
3.39.8. IPSettings
Description
Settings related to the IP protocol.
Properties
LogCheckSumErrors
LogNonIP4
LogReceivedTTL0
Block0000Src
Block0Net
Block127Net
BlockMulticastSrc
TTLMin
Maximum number of seconds a CRL is considered valid
(0=obey the 'next update' field in the CRL). (Default: 86400)
Maximum number of CA certificates in a certificate path.
(Default: 15)
Maximum number of entries in the certificate cache. (Default:
1024)
Pass IKE & IPsec (ESP/AH) traffic sent to the security gate-
way directly to the IPsec engine without consulting the ruleset.
(Default: Yes)
Amount of time to keep an IPsec tunnel open when the remote
DNS name fails to resolve. (Default: 14400)
Metric 10s of seconds with no traffic or other evidence of life
in tunnel before SA is removed. (Default: 3)
Number 10s of seconds a SA will remain in dead cache after a
delete. DPD will not trigger if peer already is cached as dead.
(Default: 2)
Number of seconds that DPD-R-U-THERE messages will be
sent. (Default: 15)
Note
This object type does not have am identifier and is identified by the name of the type
only. There can only be one instance of this type.
Log IP packets with bad checksums. (Default: Yes)
Log occurrences of non-IPv4 packets. (Default: Yes)
Log received packets with TTL=0; this should never happen!
(Default: Yes)
Block 0.0.0.0 as source address. (Default: Drop)
Block 0.* source addresses. (Default: DropLog)
Block 127.* source addresses. (Default: DropLog)
Block multicast
(224.0.0.0--255.255.255.255). (Default: DropLog)
The minimum IP Time-To-Live value accepted on receipt.
(Default: 3)
129
Chapter 3. Configuration Reference
source addresses