Tcpsettings - D-Link NetDefend DFL-210 Cli Reference Manual

3.55.22. TCPSettings

3.55.22. TCPSettings
Description
Settings related to the TCP protocol.
Properties
TCPOptionSizes
TCPMSSMin
TCPMSSOnLow
TCPMSSMax
TCPMSSVPNMax
TCPMSSOnHigh
TCPMSSLogLevel
TCPMSSAutoClamping
TCPZeroUnusedACK
TCPZeroUnusedURG
TCPOPT_WSOPT
TCPOPT_SACK
TCPOPT_TSOPT
TCPOPT_ALTCHKREQ
TCP-
OPT_ALTCHKDATA
TCPOPT_CC
TCPOPT_OTHER
Note
This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.
Validity of TCP header option sizes. (Default: ValidateLogBad)
Minimum allowed TCP MSS (Maximum Segment Size). (Default:
100)
How to handle too low MSS values. (Default: DropLog)
Maximum allowed TCP MSS (Maximum Segment Size). (Default:
1460)
Limits TCP MSS for VPN connections; minimizes fragmentation.
(Default: 1400)
How to handle too high MSS values. (Default: Adjust)
When to log regarding too high TCP MSS, if not logged by "TCP
MSS on high". (Default: 7000)
Automatically clamp TCP MSS according to MTU of involved inter-
faces - in addition to "TCP MSS max". (Default: Yes)
Force unused ACK fields to zero; helps prevent connection spoofing.
(Default: Yes)
Force unused URG fields to zero; prevents small information leak.
(Default: Yes)
The WSOPT (Window Scale) option (common). (Default: Validate-
LogBad)
The SACK/SACKPERMIT (Selective ACK) options (common).
(Default: ValidateLogBad)
The TSOPT (Timestamp) option (common). (Default: ValidateLog-
Bad)
The ALTCHKREQ (Alternate Checksum Request) option. (Default:
StripLog)
The ALTCHKDATA (Alternate Checksum Data) option. (Default:
StripLog)
The CC (Connection Count) option series (semi common). (Default:
StripLogBad)
How to handle TCP options not specified above. (Default: StripLog)
Chapter 3. Configuration Reference
202