
Chapter 8 - IntraGuard Firewall Configuration
Advanced Settings: Firewall Path Dialog Box
To access this dialog box, select FirewallPath/Settings from the Device View, then click on the Advanced button.
Advanced Options
These settings allow detailed control of how certain packet types and sessions will be handled on the path.
PermitEstTCP
This checkbox sets whether the path will permit TCP sessions for which the IntraGuard did not see the SYN flag. The SYN flag is included in the header of the first couple of TCP packets and indicates that a session is being established. When checked, this allows established connections to continue after rebooting the device, but it is also a less secure option. The default is unchecked.
ResetRedirects
This checkbox sets whether the device will terminate sessions on a firewall path where ICMP redirects have been sent. ICMP redirects are generated when a device cannot route a packet correctly on its own. The effect can be that three firewall path sessions will be created to route the packet correctly, two of which will not be needed after the first packet gets delivered. The default is unchecked.
SendTCPReset
This checkbox sets whether the device will send a TCP reset message to the client when a TCP session has been rejected. The default is unchecked.
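The following added example is a simplified model of the PermitEstTCP and SendTCPReset options described above. It is not IntraGuard code or part of the original manual. The class, the addresses, and the single filter rule allowing port 443 are assumptions made for illustration. In this model, a session that survives a reboot and a segment whose handshake was never seen are treated identically once PermitEstTCP is checked.

```python
from dataclasses import dataclass, field

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

@dataclass
class PathModel:
    """Hypothetical model of one firewall path; not IntraGuard code."""
    permit_est_tcp: bool = False      # PermitEstTCP (default unchecked)
    send_tcp_reset: bool = False      # SendTCPReset (default unchecked)
    allowed_ports: frozenset = frozenset({443})  # assumed filter rule
    sessions: set = field(default_factory=set)

    def reboot(self):
        self.sessions.clear()         # session table is lost on reboot

    def handle(self, src, sport, dst, dport, flags):
        key = frozenset({(src, sport), (dst, dport)})  # same key both directions
        if key in self.sessions:
            return "forward"
        opening = bool(flags & SYN) and not flags & ACK
        midstream = bool(flags & ACK) and not flags & (SYN | RST)
        if dport in self.allowed_ports and (
                opening or (midstream and self.permit_est_tcp)):
            self.sessions.add(key)
            return "forward"
        return "reject+rst" if self.send_tcp_reset else "reject"

def after_reboot(permit_est_tcp):
    """Open a session, reboot the device, then send the next data segment."""
    path = PathModel(permit_est_tcp=permit_est_tcp)
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 443)  # constructed
    path.handle(*client, *server, SYN)
    path.handle(*server, *client, SYN | ACK)
    path.reboot()
    return path.handle(*client, *server, ACK)

def never_opened(permit_est_tcp):
    """ACK segment for a flow whose handshake the device never saw."""
    path = PathModel(permit_est_tcp=permit_est_tcp)
    return path.handle("10.0.0.9", 40001, "192.0.2.10", 443, ACK)

def rejected_syn(send_tcp_reset):
    """SYN to a port the assumed filter rule does not allow."""
    path = PathModel(send_tcp_reset=send_tcp_reset)
    return path.handle("10.0.0.5", 40002, "192.0.2.10", 23, SYN)
```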