118 Preventing attacks
Enabling advanced protection settings
1 In the SGMI, in the left pane, click IDS/IPS.
2 In the right pane, on the Advanced tab, under IP Spoof Protection, check WAN or WLAN/LAN.
3 Click Save.
TCP flag validation
Certain port scanning tools, such as NMAP, send TCP segments with invalid flag combinations to detect a firewall on a network or to map the security policy that the firewall enforces. When TCP flag validation is enabled, Symantec Gateway Security 300 Series blocks and logs any traffic that carries an illegal flag combination, even when the security policy does not otherwise deny that traffic. Traffic that the security policy denies and that also carries one or more bad TCP flag combinations is classified and logged as one of several NMAP port scanning techniques (NMAP Null Scan, NMAP Christmas Scan, and so on).
See "IDS Protection tab field descriptions" on page 205.
To enable TCP flag validation
1 In the SGMI, in the left pane, click IDS/IPS.
2 In the right pane, on the Advanced tab, under TCP Flag Validation, check Enable.