Gateway User Interface
•Packet Flood (SYN/UDP/ICMP/Other). When enabled, the firewall will check for SYN, UDP, ICMP, and other types of packet floods on the local and Internet facing interfaces and stop the flood.
•Invalid TCP Flag Attacks (NULL/XMAS/Other). When enabled, the firewall will scan inbound and outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and XMAS attacks.
•Invalid ICMP Detection. The firewall checks for invalid ICMP/code types, and drops the packet.
•Miscellaneous. The firewall checks for the following:
−Unknown IP protocol — drop packet.
−Port 0 attack detected — drop packet.
−TCP SYN packet — drop packet.
−Not a start session packet — drop packet.
−ICMP destination unreachable — terminate session.
31