1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Size Limits By Protocol - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

13.7. Size Limits by Protocol

13.7. Size Limits by Protocol
This section contains information about the size limits imposed on the protocols directly under IP
level, ie. TCP, UDP, ICMP, etc.
The values specified here concern the IP data contained in packets. In the case of Ethernet, a single
packet can contain up to 1480 bytes of IP data without fragmentation. In addition to that, there is a
further 20 bytes of IP header and 14 bytes of Ethernet header, corresponding to the maximum media
transmission unit on Ethernet networks of 1514 bytes.
MaxTCPLen
Specifies the maximum size of a TCP packet including the header. This value usually correlates
with the amount of IP data that can be accommodated in an unfragmented packet, since TCP usually
adapts the segments it sends to fit the maximum packet size. However, this value may need to be
increased by 20-50 bytes on some less common VPN systems.
Default: 1480
MaxUDPLen
Specifies the maximum size of a UDP packet including the header. This value may well need to be
quite high, since many real-time applications use large, fragmented UDP packets. If no such
protocols are used, the size limit imposed on UDP packets can probably be lowered to 1480 bytes.
Default: 60000 bytes
MaxICMPLen
Specifies the maximum size of an ICMP packet. ICMP error messages should never exceed 600
bytes, although Ping packets can be larger if so requested. This value may be lowered to 1000 bytes
if you do not wish to use large Ping packets.
Default: 10000 bytes
MaxGRELen
Specifies the maximum size of a GRE packet. GRE, Generic Routing Encapsulation, has various
uses, including the transportation of PPTP, Point to Point Tunneling Protocol, data. This value
should be set at the size of the largest packet allowed to pass through the VPN connections,
regardless of its original protocol, plus approx. 50 bytes.
Default: 2000 bytes
MaxESPLen
Specifies the maximum size of an ESP packet. ESP, Encapsulation Security Payload, is used by
IPsec where encryption is applied. This value should be set at the size of the largest packet allowed
to pass through the VPN connections, regardless of its original protocol, plus approx. 50 bytes.
Default: 2000 bytes
MaxAHLen
Specifies the maximum size of an AH packet. AH, Authentication Header, is used by IPsec where
only authentication is applied. This value should be set at the size of the largest packet allowed to
pass through the VPN connections, regardless of its original protocol, plus approx. 50 bytes.
Default: 2000 bytes
318
Chapter 13. Advanced Settings

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Netdefend dfl-2500Dfl-1600Netdefend dfl-860Netdefend dfl-260Netdefend dfl-800 ... Show all

Table of Contents