Gateway User Interface
31
• Packet Flood (SYN/UDP/ICMP/Other). When enabled, the firewall will check for SYN, UDP, ICMP, and
other types of packet floods on the local and Internet facing interfaces and stop the flood.
• Invalid TCP Flag Attacks (NULL/XMAS/Other). When enabled, the firewall will scan inbound and
outbound packets for invalid TCP Flag settings, and drop the packet to prevent SYN/FIN, NULL, and
XMAS attacks.
• Invalid ICMP Detection. The firewall checks for invalid ICMP/code types, and drops the packet.
• Miscellaneous. The firewall checks for the following:
−Unknown IP protocol — drop packet.
−Port 0 attack detected — drop packet.
−TCP SYN packet — drop packet.
−Not a start session packet — drop packet.
−ICMP destination unreachable — terminate session.