Configuring the Barricade Router
• Connection Policy – Enter the appropriate values for TCP/UDP sessions as described in the following table.
Parameter | Defaults | Description |
Fragmentation | 10 sec | Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet. |
TCP SYN wait | 30 sec | Defines how long the software will wait for a TCP session to synchronize before dropping the session. |
TCP FIN wait | 5 sec | Specifies how long a TCP session will be maintained after the firewall detects a FIN packet. |
TCP connection idle timeout | 3600 seconds (1 hour) | The length of time a TCP session will be maintained if there is no activity. |
UDP session idle timeout | 30 sec | The length of time a UDP session will be maintained if there is no activity. |
H.323 data channel idle timeout | 180 sec | The length of time an H.323 session will be maintained if there is no activity. |
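
The following added example (not the router's own code) models how a stateful firewall ages session-table entries using the defaults from the table above. The entry layout, the state names, and the rule that an entry is removed once its age reaches the timeout are assumptions made for illustration.

```python
# Defaults (seconds) from the Connection Policy table above.
# The (protocol, state) keys are hypothetical names chosen for this model.
TIMEOUTS = {
    ("frag", "reassembling"): 10,    # Fragmentation
    ("tcp", "syn"): 30,              # TCP SYN wait
    ("tcp", "fin"): 5,               # TCP FIN wait
    ("tcp", "established"): 3600,    # TCP connection idle timeout
    ("udp", "active"): 30,           # UDP session idle timeout
    ("h323", "active"): 180,         # H.323 data channel idle timeout
}

def remaining(entry, now, timeouts=TIMEOUTS):
    """Seconds left before an entry ages out (<= 0 means expired)."""
    proto, state, last_event = entry
    return timeouts[(proto, state)] - (now - last_event)

def sweep(table, now, timeouts=TIMEOUTS):
    """Split a session table into (kept, dropped_ids) at time `now`."""
    kept, dropped = {}, []
    for sid, entry in table.items():
        if remaining(entry, now, timeouts) <= 0:
            dropped.append(sid)      # timeout reached: free the entry
        else:
            kept[sid] = entry
    return kept, sorted(dropped)

# Constructed sample table: id -> (protocol, state, time of last event in seconds).
SAMPLE = {
    "a": ("tcp", "syn", 5),            # handshake never completed
    "b": ("tcp", "syn", 20),
    "c": ("tcp", "established", 0),    # idle but well inside one hour
    "d": ("tcp", "fin", 36),
    "e": ("tcp", "fin", 34),
    "f": ("udp", "active", 10),        # exactly at the 30 sec boundary at t=40
    "g": ("h323", "active", 0),
    "h": ("frag", "reassembling", 31),
}

if __name__ == "__main__":
    kept, dropped = sweep(SAMPLE, now=40)
    print("dropped at t=40:", dropped)
    print("still tracked:  ", sorted(kept))
```

Passing a modified copy of `TIMEOUTS` to `sweep` shows the effect of changing a value before applying it on the router, for example how many half-open TCP entries a shorter SYN wait would release.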
DoS Criteria and Port Scan Criteria
Set up DoS and port scan criteria in the spaces provided (as shown below).
Parameter | Defaults | Description |
Total incomplete TCP/UDP sessions HIGH | 300 sessions | Defines the rate of newly unestablished sessions that will cause the software to start deleting sessions. |