Allow Unknown Mac Flooding; Skip Tcp Sequence Number Check; Tcp Rst Invalid Session - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Allow Unknown MAC Flooding

Skip TCP Sequence Number Check

TCP RST Invalid Session

When disabled, the security device does not cache the source MAC address from
incoming administrative traffic.
By default, this option is disabled.

Use the Allow Unknown MAC Flooding option to control how the security device handles a packet that has a destination MAC address that is not in the MAC learning table:
When this option is enabled, the security device permits the packet to cross the firewall.
When this option is disabled, the security device drops the packet and does not permit it to cross the firewall.
By default, this option is enabled.

Use the Skip TCP Sequence Number Check option to control how the security device handles TCP packets with an out-of-sequence TCP sequence number:
When this option is enabled, the security device does not monitor the TCP sequence number in TCP segments during stateful inspection.
When this option is disabled, the security device detects the window scale specified by both hosts in a session and adjusts a window for an acceptable range of sequence numbers according to their specified parameters. The device monitors the sequence numbers in packets sent between these hosts; if the device detects a sequence number outside this range, it drops the packet.
By default, this option is enabled.
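
The window check described above, as an added Python model (not ScreenOS code and not part of the original guide). The class, field names and the exact acceptance rule are assumptions. It shows why the window scale and 32-bit wraparound matter, and that with the check skipped a segment far outside the window is still forwarded.

```python
# Added example: simplified model of the sequence-number window check.
# Not ScreenOS code; names, fields and the exact window rule are assumptions.
from dataclasses import dataclass

SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class SenderState:
    """What the device tracks for one direction of a session."""
    left_edge: int  # highest ACK number seen from the receiver
    window: int     # raw 16-bit window the receiver last advertised
    wscale: int     # window scale shift from the receiver's SYN option

    def acceptable(self, seq: int, length: int) -> bool:
        """True if [seq, seq+length) lies inside the scaled receive window."""
        scaled = self.window << self.wscale
        offset = (seq - self.left_edge) % SEQ_MOD  # wrap-safe distance
        return offset < scaled and offset + length <= scaled


def verdict(state: SenderState, seq: int, length: int, skip_check: bool) -> str:
    """Return 'forward' or 'drop' for one segment."""
    if skip_check:  # option enabled: sequence numbers are not inspected
        return "forward"
    return "forward" if state.acceptable(seq, length) else "drop"


def demo():
    # Constructed session: window 8192 << 2 = 32768 bytes, left edge near wrap.
    s = SenderState(left_edge=0xFFFFF000, window=8192, wscale=2)
    segments = {
        "in order": (0xFFFFF000, 1460),
        "past raw window, inside scaled": ((0xFFFFF000 + 20000) % SEQ_MOD, 1460),
        "wrapped past 2**32": (0x00000100, 1460),
        "far outside window": (0x70000000, 0),
    }
    return {name: (verdict(s, seq, n, skip_check=False),
                   verdict(s, seq, n, skip_check=True))
            for name, (seq, n) in segments.items()}


if __name__ == "__main__":
    for name, (checked, skipped) in demo().items():
        print(f"{name:32} check on: {checked:8} check skipped: {skipped}")
```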

Use the TCP RST Invalid Session option to control how the security device handles a TCP reset packet (a TCP packet with the RST flag set):
When this option is enabled and the security device receives a TCP reset packet, the device marks the session for immediate termination.
When this option is disabled, the security device marks the session for termination after the normal session timeout interval. Normal session timeout intervals for common protocols:
The TCP session timeout is 30 minutes.
The UDP session timeout is 1 minute.
The HTTP session timeout is 5 minutes.
By default, this option is disabled.

Copyright © 2010, Juniper Networks, Inc.