Allied Telesis AT-WR4500 manual Service Ports, Submenu level /ip firewall service-port

max-entries(read-only: integer) - the maximum number of connections the connection state table can contain, depends on an amount of total memory

tcp-close-timeout(time; default: 10s) - maximal amount of time connection tracking entry will survive after having seen connection reset request (RST) or an acknowledgment (ACK) of the connection termination request from connection release initiator

tcp-close-wait-timeout(time; default: 10s) - maximal amount of time connection tracking entry will survive after having seen an termination request (FIN) from responder tcp-established-timeout(time; default: 1d) - maximal amount of time connection tracking entry will survive after having seen an acknowledgment (ACK) from connection initiator tcp-fin-wait-timeout(time; default: 10s) - maximal amount of time connection tracking entry will survive after having seen connection termination request (FIN) from connection release initiator

tcp-syn-received-timeout(time; default: 1m) - maximal amount of time connection tracking entry will survive after having seen a matching connection request (SYN)

tcp-syn-sent-timeout(time; default: 1m) - maximal amount of time connection tracking entry will survive after having seen a connection request (SYN) from connection initiator

tcp-syncookie(yes no; default: no) - enable TCP SYN cookies for connections destined to the router itself (this may be useful for HotSpot and tunnels)

tcp-time-wait-timeout(time; default: 10s) - maximal amount of time connection tracking entry will survive after having seen connection termination request (FIN) just after connection request (SYN) or having seen another termination request (FIN) from connection release initiator

total-entries(read-only: integer) - number of connections currently recorded in the connection state table

udp-stream-timeout(time; default: 3m) - maximal amount of time connection tracking entry will survive after replay is seen for the last packet matching this entry (connection tracking entry is assured). It is used to increase timeout for such connections as H323, VoIP, etc.

udp-timeout(time; default: 10s) - maximal amount of time connection tracking entry will survive after having seen last packet matching this entry

9.3.5 Service Ports

Submenu level: /ip firewall service-port

Description

Some network protocols are not compatible with network address translation, for example due to some additional infomation about the actual addresses or ports is present in the packet payload, which is not known for the NAT procedures, as they only look at the IP, UDP and TCP headers, not inside the packets. For these protocols to work correctly, a connection tracking helper is needed to work around such design issues. You may enable and disable helpers here (you may want to disable some of them to increase performance or if you are experiencing problems with some protocols detected incorrectly). Note that you can not add or remove the helpers, just enable or disable the existing ones.

Property Description

name - protocol name

ports (integer) - port range that is used by the protocol (only some helpers need this)