NETGEAR ProSafe FVS336Gv2 Reference Manual page 268

ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
The Attack Checks screen displays the IPv4 settings.
7. Enter the settings as described in the following table.
Setting
WAN Security Checks
Respond to Ping on
Internet Ports
Enable Stealth Mode Select the Enable Stealth Mode check box to prevent the VPN firewall from
Block TCP flood
Description
Select the Respond to Ping on Internet Ports check box to enable the VPN firewall
to respond to a ping from the Internet to its IPv4 address. A ping can be used as a
diagnostic tool. Keep this check box cleared unless you have a specific reason to
enable the VPN firewall to respond to a ping from the Internet.
If you select the Respond to Ping on Internet Ports check box, specify the IP
address on which a ping is allowed:
• Any. A ping is allowed on any IP address. This is the default setting.
• IP Address. A ping is allowed only on a single IP address, which you must
specify in the IP Address field.
responding to port scans from the WAN, thus making it less susceptible to discovery
and attacks. By default, the Enable Stealth Mode check box is selected.
Select the Block TCP flood check box (which is the default setting) to enable the
VPN firewall to drop all invalid TCP packets and to protect the VPN firewall from a
SYN flood attack. By default, the Block TCP flood check box is selected.
In the TCP Flood Limit field, enter the number of packets per second that defines a
SYN flood attack. You can enter a number from 1 to 100. The default value is 100.
The VPN firewall drops TCP packets that exceed the specified number of packets
per second.
A SYN flood is a form of denial of service attack in which an attacker sends a
succession of SYN (synchronize) requests to a target system. When the system
responds, the attacker does not complete the connections, thus leaving the
connection half open and flooding the server with SYN messages. No legitimate
connections can then be made.
Customize Firewall Protection
267