Motorola Solutions WiNG 5.2.6 Reference Manual page 371

Access point

Security Configuration 7 - 11

IPMAC Conflict Logging: When enabled, use the drop-down menu to set the logging level (Error, Warning, Notification, Information or Debug) if an attack is detected. The default setting is Warning.

IPMAC Conflict Action: Use the drop-down menu to set the action taken when an attack is detected. Options include Log Only, Drop Only or Log and Drop. The default setting is Log and Drop.

IPMAC Routing Conflict Enable: Select this option to enable IPMAC Routing Conflict detection. This is also known as a Hole-196 attack in the network. This feature helps to detect if the client is sending routed packets to the correct MAC address.

IPMAC Routing Conflict Logging: Select to enable logging for IPMAC Routing Conflict detection. This feature is enabled by default and set to Warning.

IPMAC Routing Conflict Action: Use the drop-down menu to set the action taken when an attack is detected. Options include Log Only, Drop Only or Log and Drop. The default setting is Log and Drop.

DNS Snoop Entry Timeout: Select this option and set a timeout, in seconds, for DNS Snoop Entry. DNS Snoop Entry stores information such as Client to IP Address and Client to Default Gateway(s) and uses this information to detect if the client is sending routed packets to a wrong MAC address.

IP TCP Adjust MSS: Select this option and adjust the value for the maximum segment size (MSS) for TCP segments on the router. Set a value between 472 bytes and 1,460 bytes to adjust the MSS segment size. The default value is 472 bytes.

TCP MSS Clamping: Select this option to enable TCP MSS Clamping. TCP MSS Clamping allows configuration for the maximum segment size of packets at a global level.

Max Fragments/Datagram: Set a value for the maximum number of fragments (between 2 and 8,129) allowed in a datagram before it is dropped. The default value is 140 fragments.

Max Defragmentations/Host: Set a value for the maximum number of defragmentations (between 1 and 16,384) allowed per host before it is dropped. The default value is 8.

Min Length Required: Select this option and set a minimum length, between 8 bytes and 1,500 bytes, to enforce a minimum packet size before being subject to fragment-based attack prevention.

IPv4 Virtual Defragmentation: Select this option to enable IPv4 Virtual Defragmentation. This helps prevent IPv4 fragment-based attacks, such as tiny fragments or a large number of IPv4 fragments.

17. The Firewall policy allows traffic filtering at the application layer using the Application Layer Gateway (ALG) feature. The Application Layer Gateway provides filters for the following common protocols:

FTP ALG: Check the Enable box to allow FTP traffic through the Firewall using its default ports. This feature is enabled by default.
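The IPMAC Routing Conflict check and the DNS Snoop Entry timeout described on this page, as an added Python example (not WiNG code and not taken from the manual). The field names, the way gateway MACs are learned, the 300-second timeout and all sample frames are assumptions constructed for illustration.

```python
# Added illustration, not Motorola WiNG code. Field names, gateway-MAC learning
# and the sample data below are assumptions constructed for this example.
import ipaddress
from dataclasses import dataclass

@dataclass
class SnoopEntry:              # one "DNS Snoop Entry" style record per client
    client_ip: str
    network: str               # client's subnet (assumed to be known)
    gateway_macs: frozenset    # MAC(s) of the client's default gateway(s)
    learned_at: float          # time the entry was learned, in seconds

@dataclass
class Frame:
    ts: float
    src_mac: str
    dst_mac: str
    dst_ip: str

def check_frame(frame, table, timeout, action="Log and Drop"):
    """Return (forward, log_message) for one frame sent by a client."""
    entry = table.get(frame.src_mac)
    if entry is None or frame.ts - entry.learned_at > timeout:
        return True, None      # no live entry: nothing to compare against
    net = ipaddress.ip_network(entry.network)
    routed = ipaddress.ip_address(frame.dst_ip) not in net
    if not routed or frame.dst_mac in entry.gateway_macs:
        return True, None      # local traffic, or routed via a known gateway
    msg = None
    if action in ("Log Only", "Log and Drop"):
        msg = (f"WARNING IPMAC routing conflict: {frame.src_mac} sent routed "
               f"packet for {frame.dst_ip} to {frame.dst_mac}")
    return action == "Log Only", msg   # only Log Only still forwards

CLIENT, GW, PEER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:de:ad:be:ef:02"
TABLE = {CLIENT: SnoopEntry("192.168.10.20", "192.168.10.0/24",
                            frozenset({GW}), 0.0)}
FRAMES = [                                     # constructed sample traffic
    Frame(10, CLIENT, GW, "203.0.113.7"),      # routed, sent to the gateway
    Frame(11, CLIENT, PEER, "192.168.10.30"),  # same subnet, sent directly
    Frame(12, CLIENT, PEER, "203.0.113.7"),    # routed, sent to a non-gateway MAC
    Frame(500, CLIENT, PEER, "203.0.113.7"),   # snoop entry has timed out
]

def run(timeout=300, action="Log and Drop"):
    return [check_frame(f, TABLE, timeout, action) for f in FRAMES]

if __name__ == "__main__":
    for forward, msg in run():
        print("forward" if forward else "drop", "|", msg or "-")
```

The last sample frame shows why the timeout matters: once the snooped entry has aged out, a routed packet sent to the wrong MAC passes without a verdict until the entry is relearned.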
