Enabling Advanced Protection Settings; Ip Spoofing Protection; Tcp Flag Validation - Symantec 460R - Gateway Security Administrator's Manual

Administration guide
4. Next to Protection Area, select an interface to protect.
5. Click Update.

Enabling advanced protection settings

Advanced protection settings help you protect your network beyond attacks that can be identified by
atomic signatures.

IP spoofing protection

Any non-broadcast or non-multicast packet arriving on a WAN interface with a source IP address that
matches any internal subnet is blocked and flagged as an IP spoofing attempt. Internal subnets are derived
from the LAN-side subnet address of the appliance and the static route entries on the appliance for the LAN
interface.

Likewise, any non-broadcast or non-multicast traffic that arrives at the internal or wireless interface with a
source IP address that does not match any predefined internal network is blocked and logged as an internal
IP spoofing attempt. Internal networks are derived from static routes on the unit and the internal LAN/WLAN
address of the unit. Spoof protection can be disabled for the internal LANs and WAN.

To enable IP spoof protection

See "IDS Protection tab field descriptions" on page 154.

1. In the SGMI, in the left pane, click IDS/IPS.
2. In the right pane, on the Advanced tab, under IP Spoof Protection, check WAN or WLAN/LAN.
3. Click Save.

TCP flag validation

Certain port mapping tools, such as NMAP, use invalid TCP flag combinations to detect a firewall on a
network or to map the security policy implemented on the firewall. For traffic that the security policy does
not deny, Symantec Gateway Security 400 Series blocks and logs any packet with an illegal flag combination.
Any traffic denied by the security policy that has one or more bad TCP flag combinations is
classified as one of several NMAP port scanning techniques (NMAP Null Scan, NMAP Christmas Scan, and
so on).

To enable TCP flag validation

See "IDS Protection tab field descriptions" on page 154.

1. In the SGMI, in the left pane, click IDS/IPS.
2. In the right pane, on the Advanced tab, under TCP Flag Validation, check Enable.
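
The two checks described above (IP spoofing protection and TCP flag validation), sketched as an added example that is not Symantec's code. The subnets, the log labels, and the set of illegal flag combinations beyond the Null and Christmas scans are assumptions made for illustration.

```python
import ipaddress

# Constructed sample configuration (assumed values, not from the manual):
# the LAN-side subnet plus one static route on the LAN interface.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/24"),
                 ipaddress.ip_network("10.20.0.0/16")]
FIN, SYN, RST, PSH, URG = 0x01, 0x02, 0x04, 0x08, 0x20

def is_bcast_or_mcast(dst):
    """Broadcast and multicast destinations are exempt from the spoof check."""
    dst = ipaddress.ip_address(dst)
    return (dst.is_multicast or str(dst) == "255.255.255.255"
            or any(dst == net.broadcast_address for net in INTERNAL_NETS))

def spoof_verdict(iface, src, dst):
    """Apply the WAN rule and the LAN/WLAN rule; return a log label or None."""
    if is_bcast_or_mcast(dst):
        return None
    internal = any(ipaddress.ip_address(src) in net for net in INTERNAL_NETS)
    if iface == "wan" and internal:
        return "ip_spoof"            # internal source arriving from outside
    if iface in ("lan", "wlan") and not internal:
        return "internal_ip_spoof"   # unknown source arriving from inside
    return None

def bad_flag_combo(flags):
    """Name an illegal combination (assumed set), or None if the flags are legal."""
    flags &= 0x3F                    # keep the six classic flag bits
    if flags == 0:
        return "null"
    if flags == FIN | PSH | URG:
        return "xmas"
    if flags & SYN and flags & (FIN | RST):
        return "syn+fin/rst"
    return None

def tcp_flag_event(flags, denied_by_policy):
    """Policy-denied traffic is labelled a scan; otherwise an illegal combination."""
    combo = bad_flag_combo(flags)
    if combo is None:
        return None
    return ("scan:" if denied_by_policy else "illegal_flags:") + combo

if __name__ == "__main__":
    for pkt in [("wan", "192.168.0.7", "203.0.113.5"),   # constructed packets:
                ("lan", "172.16.9.9", "198.51.100.1"),   # (iface, src, dst)
                ("lan", "0.0.0.0", "255.255.255.255")]:
        print(pkt, spoof_verdict(*pkt))
    print(tcp_flag_event(0x00, True), tcp_flag_event(SYN | FIN, False))
```

The third sample packet shows why broadcast traffic is exempt: a DHCP-style request from 0.0.0.0 on the LAN would otherwise be logged as internal spoofing.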
Preventing attacks