Network traffic control
Configuring advanced options
Symantec Gateway Security 400 Series has several advanced firewall options for special circumstances.
These include:

Enabling the IDENT port
Disabling NAT mode
Blocking ICMP requests
Enabling WAN broadcast storm protection
Enabling IPsec pass-thru
Configuring an exposed host

Enabling the IDENT port

Queries to the TCP Client Identity Protocol (IDENT) port (113) normally result in the host name and company name information being returned. However, this service poses a security risk because attackers can use this information to refine their attack methodology. By default, the appliance sets all ports to stealth mode, which makes a computer appear invisible to those outside of the network. Some servers (such as certain email or Microsoft Internet Relay Chat (MIRC) servers) use the IDENT port of the system accessing them.

You can configure the appliance to enable the IDENT port. Enabling this setting makes port 113 closed (not open) and not stealth. You should enable this setting only if there are problems accessing a server (server time-outs).

Note: If you experience time-outs when using your mail (SMTP) service, enabling the IDENT port may correct this problem.

To enable the IDENT Port

See "Advanced tab field descriptions" on page 143.

1. In the SGMI, in the left pane, click Firewall.
2. In the right pane, on the Advanced tab, under Optional Security Settings, check Enable IDENT Port.
3. Click Save.

Disabling NAT mode

You can configure the security gateway to work as a standard network router to separate different subnets on an internal network. Disabling NAT Mode disables the firewall security functions. This setting should only be used for intranet deployments where the security gateway is used as a bridge on a protected network. When the security gateway is configured for NAT mode, it behaves as an 802.1D (MAC bridge) device.

To disable NAT Mode

See "Advanced tab field descriptions" on page 143.

1. In the SGMI, in the left pane, click Firewall.
2. In the right pane, on the Advanced tab, under Optional Security Settings, check Disable NAT Mode.
3. Click Save.
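
The difference between a stealth and a closed port 113 described under "Enabling the IDENT port", shown from the side of a server that performs the IDENT lookup. This is an added example, not taken from the Symantec manual; the function names are hypothetical, and it assumes that a closed port shows up as an immediate TCP refusal while a stealth port gives no answer until the caller's timeout expires.

```python
import socket
import time

IDENT_PORT = 113  # TCP Client Identity Protocol port named on this page


def classify(error):
    """Map the result of a TCP connect attempt to the page's port states."""
    if error is None:
        return "open"         # handshake completed, a service answered
    if isinstance(error, ConnectionRefusedError):
        return "closed"       # host answered with a reset: visible but refusing
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"      # nothing came back before the deadline
    return "unreachable"      # routing or ICMP error, none of the three states


def ident_lookup(host, port=IDENT_PORT, timeout=3.0):
    """Attempt the connection a mail or IRC server makes back to a client.

    Returns (state, seconds_waited). With a stealth port the caller waits
    the full timeout, which is the delay users see as a server time-out.
    """
    start = time.monotonic()
    error = None
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as exc:    # refusals and timeouts are both OSError subclasses
        error = exc
    return classify(error), time.monotonic() - start


if __name__ == "__main__":
    # Constructed loopback demo: a listener stands in for an ident service,
    # and the same port after the listener is closed stands in for "closed".
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(ident_lookup("127.0.0.1", port))
    listener.close()
    print(ident_lookup("127.0.0.1", port))
```

Run against the WAN address of your own appliance from an outside host before and after checking Enable IDENT Port, the state should move from stealth to closed and the wait should drop from the full timeout to near zero.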