Enabling Attack Checking - HP 7102dl - ProCurve Secure Router Configuration Manual

Using the Web Browser Interface for Advanced Configuration Tasks
Unlike a true circuit level gateway, the Secure Router OS firewall does not
establish a proxy session to the untrusted host on behalf of the trusted host,
which saves processor power. You can configure Network Address Transla-
tion (NAT) to assign internal hosts a public address. See "Configuring NAT"
on page 16-50.
Application level gateways (ALGs) provide the special handling some appli-
cations need to run properly through a firewall. Each application has a unique
ALG. You can enable and disable the following ALGs on the ProCurve Secure
Router:
H.323
File Transfer Protocol (FTP)
Session Initiation Protocol (SIP)
Point-to-Point Tunneling Protocol (PPTP)
Other options you can configure for the Secure Router OS firewall from the
ProCurve Secure Router interface include:
TCP stealth mode
the timeout for TCP, UDP, and ICMP sessions
The firewall wizard helps you to configure:
many-to-one NAT so that internal hosts can access the Internet using the
public address of a router interface
port forwarding so that Internet users can access servers on your network

Enabling Attack Checking

1. In the left navigation bar, select General Firewall under Firewall.
2. Select the General Settings tab.
3. Check the Enable box.
4. Click Apply.
5. You can check the Stealth TCP Mode box and click Apply to enable stealth
mode. Hackers sometimes use port scanners to map out ports that are
open and closed on a router. When operating in stealth mode, the
ProCurve Secure Router does not send an RST packet when a host
requests a TCP session on a closed port. Stealth mode thus prevents
attackers from learning whether a particular port is open or closed.
Configuring the ProCurve Secure Router OS Firewall
16-29