Compatible Systems 5.4 manual 135, SynRejectOnly, SendICMPReset, ICMPtoTCPsession, RejectSRCRoute

Models: 5.4

Chapter 8 - IntraGuard Firewall Configuration

SynRejectOnly

This checkbox sets whether the device will limit itself to sending TCP reset messages only when a TCP packet containing the SYN flag has been rejected. This can be useful when ICMP redirects are being sent, which could cause sessions to terminate prematurely. The default is checked.

SendICMPReset

This checkbox sets whether the device will send an ICMP message to the client when an IP or UDP packet has been rejected. The default is unchecked.

ICMPtoTCPsession

This checkbox sets whether the device will send an ICMP message to the client when a TCP packet has been rejected. This is in addition to sending a TCP reset message, if it has been enabled using the SendTCPReset checkbox. The default is unchecked.

RejectSRCRoute

This checkbox sets whether the device will reject source-routed IP packets. The default is checked.

MinIPFragLen

This field sets the minimum acceptable length of IP packets. Raising the minimum packet length can be useful in preventing "frag" attacks, which can take advantage of the use of partial header information in fragmented packets. The IntraGuard protects against overlapping fragmentation attacks, even when the MinIPFragLen is set to the minimum value of 40. Values may range between 40 and 1,500. The default is 40.
