D-Link NetDefend DFL-210 Cli Reference Manual page 180

Network security firewall ver. 1.03

Hide thumbs Also See for NetDefend DFL-210:

User manual (495 pages)

Log reference manual (476 pages)

Cli reference manual (213 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

page of 194

/ 194
Contents
Table of Contents
Bookmarks

Table of Contents

3.51.20. TCPSettings

TCPMSSOnLow

TCPMSSMax

TCPMSSVPNMax

TCPMSSOnHigh

TCPMSSLogLevel

TCPMSSAutoClamping

TCPZeroUnusedACK

TCPZeroUnusedURG

TCPOPT_WSOPT

TCPOPT_SACK

TCPOPT_TSOPT

TCPOPT_ALTCHKREQ

TCP-

OPT_ALTCHKDATA

TCPOPT_CC

TCPOPT_OTHER

TCPSynUrg

TCPSynPsh

TCPSynRst

TCPSynFin

TCPFinUrg

TCPUrg

TCPECN

How to handle too low MSS values. (Default: DropLog)

Maximum allowed TCP MSS (Maximum Segment Size). (Default:

1460)

Limits TCP MSS for VPN connections; minimizes fragmentation.

(Default: 1400)

How to handle too high MSS values. (Default: Adjust)

When to log regarding too high TCP MSS, if not logged by "TCP

MSS on high". (Default: 7000)

Automatically clamp TCP MSS according to MTU of involved inter-

faces - in addition to "TCP MSS max". (Default: Yes)

Force unused ACK fields to zero; helps prevent connection spoofing.

(Default: Yes)

Force unused URG fields to zero; prevents small information leak.

(Default: Yes)

The WSOPT (Window Scale) option (common). (Default: Validate-

LogBad)

The SACK/SACKPERMIT (Selective ACK) options (common).

(Default: ValidateLogBad)

The TSOPT (Timestamp) option (common). (Default: ValidateLog-

Bad)

The ALTCHKREQ (Alternate Checksum Request) option. (Default:

StripLog)

The ALTCHKDATA (Alternate Checksum Data) option. (Default:

StripLog)

The CC (Connection Count) option series (semi common). (Default:

StripLogBad)

How to handle TCP options not specified above. (Default: StripLog)

The TCP URG flag together with SYN; normally invalid (strip=strip

URG). (Default: DropLog)

The TCP PSH flag together with SYN; normally invalid but always

used by some IP stacks (strip=strip PSH). (Default: StripSilent)

The TCP RST flag together with SYN; normally invalid (strip=strip

RST). (Default: DropLog)

The TCP FIN flag together with SYN; normally invalid (strip=strip

FIN). (Default: DropLog)

The TCP URG flag together with FIN; normally invalid (strip=strip

URG). (Default: DropLog)

The TCP URG flag; many operating systems cannot handle this cor-

rectly. (Default: StripLog)

The Explicit Congestion Notification (ECN) flags. Previously known

as "XMAS"/"YMAS" flags. Also used in OS fingerprinting. (Default:

StripLog)

180

Chapter 3. Configuration Reference

Table of Contents

This manual is also suitable for:

Dfl-800 Netdefend dfl-860 Dfl-1600 Netdefend dfl-2500 Netdefend dfl-260 Netdefend dfl-800 ... Show all

D-Link NetDefend DFL-210 Cli Reference Manual page 180

Related Manuals for D-Link NetDefend DFL-210

Related Products for D-Link NetDefend DFL-210

This manual is also suitable for:

Table of Contents