Rejects, TCP EST Reject, Sessions | Compatible Systems 5.4 manual

144	Chapter 8 - IntraGuard Firewall Configuration

The event log messages will appear in the log buffer (or wherever log messages are being sent), only if the global log level is at the same level or a lower level of importance. This allows you to closely monitor certain events while excluding events you do not wish to closely monitor from the log.

Logging parameters for the device, including the global log level, are set in the Logging Configuration Dialog Box, which can be accessed by selecting Logging from the Device View.

Using the default configuration as an example, if you wish to see log messages for TCP Resets, which have a default setting of Notice, you would need to set the Log Level in the Logging Configuration Dialog Box to Notice, Info or Debug. Any other setting would mean that TCP Resets would not appear in the log.

Rejects

Rejects messages are created by the firewall whenever an IP packet is rejected for any reason. The default is Info.

TCP EST Reject

TCP EST Reject messages are created by the firewall whenever an estab- lished TCP session is rejected. These messages are also created when a TCP session for which the firewall has not seen the SYN flag is established. The default is Error.

Sessions

Sessions messages are created by the firewall whenever an IP session is estab- lished. The default is Error.

TearDown

TearDown messages are created by the firewall whenever an IP session is torn down. The default is Warning.

IP Timeouts

IP Timeouts messages are created by the firewall whenever a non-TCP session (i.e. IP or UDP session) is timed out. The default is Warning.

TCP Timeouts

TCP Timeouts messages are created by the firewall whenever a TCP session is timed out due to inactivity. The default is Alert.

TCP Resets

TCP Resets messages are created by the firewall whenever a TCP session is reset. The default is Notice.

Image 150

Compatible Systems 5.4 manual Rejects, TCP EST Reject, Sessions, TearDown, IP Timeouts, TCP Timeouts, TCP Resets

Contents

CompatiView 5.4 Reference Guide Page Installation and Overview Table of Contents Iii Table of Contents VPN Ports and LAN-to-LAN Tunnels TCP/IP Filtering 183 Ospf Installation and Overview CompatiView Quickstart System Requirements for Windows CompatiView Installation NotesAbout this Manual Selecting IP or IPX Operation with Windows CompatiView’s Menus and Main Windows Device View and the Main Window Device View Right-Clicking in the Device View File Menu New ConfigOpen Config File Open Device Download Config to Device Dialog Box Save / Restart Options VPN Port Save To FileSubinterface Firewall Path Database Menu Options Database Options Dialog BoxGeneral Tab Confirmations Tab Save/Restart Tab Control Menu Advanced Tab Download Software Tftp DownloadRestart Device Output Window Statistics MenuCompatiView Output Window Serial Statistics EthernetWAN State PPP Statistics IP Routing Ospf ConfigurationIP Route Table IPX Route Table Command Line Edit Box Moving and Customizing the Windows View menuCustomize Customize Window View Dialog Box CommandsWindow Menu ToolbarsPage IP Routing & Bridging TCP/IP Routing Ethernet Configuration Dialog BoxTCP/IP Routing Ethernet Dialog Box IP Routing/Bridging/Off IP Address Network IP Subnet MaskNetwork IP Broadcast Address Routing Protocol RIP Split Horizon Output RIP Input RIP IP Routing & Bridging Directed Broadcast Ospf TCP/IP Routing WAN Configuration Dialog Box TCP/IP Routing WAN Configuration Dialog Box Numbered Interface Network IP Broadcast Address Update Method RIP Split Horizon TCP/IP Routing VPN Configuration Dialog Box IP Routing & Bridging Options IP Routing/IP Bridging/IP Off IP Address Routing Protocol Update Method Ospf TCP/IP Routing Bridge Configuration Dialog Box Bridge Logical Diagram TCP/IP Routing Bridge 0 Configuration Dialog Box IP Routing/Off Network IP Subnet Mask IP Routing & Bridging Ospf IP Subinterface Dialog Box IP Connection Dialog Box IP Connection Dialog BoxIP On/IP Off IP Address IP Static Routing Dialog Box Destination MaskGateway Metric Redistribute via Ethernet IP Options Bridge IP Options Ethernet or Bridge TCP/IP Options Dialog BoxIP Proxy ARP UDP Forwarding Agents Relays UDP Forwarding Agents Dialog Box UDP Ports/Protocols WAN IP OptionsServer IP Address WAN IP Options Dialog Box Send IP Address Configure Request Van Jacobson Header Compression IP Multiprotocol Precedence Dialog Box RIP V2 PasswordTCP/IP Routing Options Protocol Precedence IP Route Redistribution IP Route Redistribution Dialog Box Ospf Route AggregationRIP to Ospf BGP to Ospf Default into OspfOspf to RIP BGP to RIP IP Routing & Bridging IPX Ethernet Frame Types IPX Routing Ethernet Configuration Dialog BoxIPX Routing Ethernet Configuration Dialog Box IPX Routing & Bridging IPX Routing/Bridging/Off Seed Status per Frame Type Network Number per Frame Type RIP Update TimerSAP Update Timer Block IPX Type 20 Output Packets IPX Routing WAN Configuration Dialog Box IPX Routing WAN Configuration Dialog Box Network Number Optional Remote Node Network Number IPX Routing & Bridging Use Ethernet Port as End-Node Proxy IPX Routing VPN Configuration Dialog Box IPX Routing VPN Configuration Dialog Box IPX Routing/Bridging/Off RIP Update Timer IPX Routing Bridge Configuration Dialog Box IPX Routing Bridge 0 Configuration Dialog Box IPX Frame Types IPX Routing/Off Network Number per Frame Type AppleTalk Routing Ethernet Configuration Dialog Box AppleTalk Routing Ethernet Configuration Dialog BoxAppleTalk Phase 1 Configuration AppleTalk Routing & Bridging Phase 1 Routing/Bridging/Off Phase 1 Seed Status Phase 1 Node Phase 1 Net #Phase 1 Zone NBP Lookup Filters Filtering AppleTalk Phase 2 Configuration Phase 2 Routing/Bridging/OffPhase 2 Seed Status Phase 2 Default Zone Phase 2 Net # RangePhase 2 Zones Phase 2 Node AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing & Bridging AppleTalk On/Bridging/Off Zone NodeOptional Remote End-Node Network Number Optional Remote End-Node Node Number AppleTalk Routing VPN Configuration Dialog BoxAppleTalk Routing VPN Configuration Dialog Box Optional Remote End-Node Proxy AppleTalk On/Bridging/Off AppleTalk Zone AppleTalk Routing Bridge Configuration Dialog Box AppleTalk Routing Bridge 0 Configuration Dialog Box Phase 1 Routing/Off AppleTalk Routing & Bridging Phase 1 Net # Phase 2 Routing/Off Phase 2 Zones NBP Filtering Configuration Dialog Box NBP FilteringNetwork Filters Zone Filters AppleTalk Options Configuration Dialog Box Phase 2 Aarp Probe Time DECnet Routing & Bridging Main DECnet Routing Configuration Dialog BoxMain DECnet Routing Configuration Dialog Box DECnet On Hello Timer Routing TimerArea DECnet Ethernet Configuration Dialog Box DECnet Routing & Bridging Max Addresses DECnet Ethernet Configuration Dialog Box DECnet Routing/Bridging/Off DECnet WAN Configuration Dialog Box DECnet WAN Configuration Dialog BoxDECnet On/Bridging/Off Hello Timer Add VPN Port Dialog Box Add VPN Port Dialog Box Partner Address Tunnel Partner VPN Configuration Dialog BoxVPN Ports and LAN-to-LAN Tunnels Bind To Interface IKE Key Management IKE Key Management Dialog BoxKey Manage Shared Key TransformPerfect Forward Secrecy 101 IKE Configuration Dialog BoxAuthentication Encryption Authentication Secret Enable AuthenticationAuthentication Method Manual Key Management 103 Interoperability Settings Dialog BoxEnable Encryption Encryption Method Local and Peer Settings Interoperability Settings Dialog BoxMode 105 Local / AccessPeer / Access Local / Protocol Peer / Port 107 108 VPN Group Configuration Dialog Box VPN Group Configuration Dialog Box and General TabVPN Client Tunnels 109 VPN Group Configuration General Tab MinimumVersion VPN Client Tunnels 111 Inactivity TimeoutSLA Enable Client Exclude Local LAN VPN Group Configuration IKE Configuration Tab VPN Group Configuration IKE Configuration Tab VPN Client Tunnels 113 Save Secrets VPN Group Configuration Manual Tab VPN Group Configuration Manual Tab VPN Client Tunnels 115 VPN Group Configuration IP Connection TabVPN Group Configuration IP Connection Tab Start IP Address Local IP Net Assign IP Radius Add IP Address Dialog Box VPN Client Tunnels 117 Allow Connections ToAdd Edit Input Filters VPN Group Configuration IP Filters TabVPN Config IP Filters Tab Output Filters VPN Client Tunnels 119 VPN Group Configuration IPX Connection TabVPN Config IPX Connection Tab Local IPX Net VPN Group Configuration IPX Filters Tab VPN Group Configuration IPX Filters TabAssign IPX Radius VPN Client Tunnels 121 Input Filters VPN Group Configuration Rollover TabVPN Group Configuration Rollover Tab Alternate IntraPort Addresses SecurID Required VPN Group Configuration SecurID TabVPN Group Configuration SecurID Tab SecurID User Name VPN Group Configuration DNS Redirection Tab Add Local Domain Dialog Box VPN Group Configuration Wins Redirection TabVPN Group Configuration Wins Tab Local Domain Name VPN User Configuration Dialog Box VPN User Configuration Dialog BoxVPN Client Tunnels 125 Name STEP/STAMP Authentication SecretVPN User Dialog Box VPN Group IKE Policy VPN Client Tunnels 127 STEP/STAMP Encryption SecretIKE Policy Global Dialog Box IPSec Gateway Configuration Dialog Box IPSec Gateway Dialog BoxIPSec Gateway VPN Client Tunnels 129 130 IntraGuard Firewall Configuration 131 Settings FirewallPath Dialog Box IntraGuard Firewall ConfigurationInterfaces Inside/Outside 133 ‘AND’ Filters‘OR’ Filters SendTCPReset Advanced Settings Firewall Path Dialog BoxResetRedirects Advanced Options SynRejectOnly SendICMPReset135 ICMPtoTCPsession Security Policies Firewall Path Dialog Box Current Security Policy 137 Security Policies at a Glance 139 Security Policy Protocol Setting Dialog BoxSecurity Policy Protocol Setting Dialog Box Policy 140 141 Allow Ports/Protocols Dialog Box Port/ProtocolPort/Protocol Number Firewall Logging Dialog Box 143Firewall Logging Dialog Box TCP Resets IP TimeoutsTCP Timeouts Rejects Redirects Icmp Resets145 General SYN Timer Firewall Settings Dialog BoxFirewall Settings Dialog Box FIN Timer HalfShutTimer TCPTimeoutUDPTimeout DynamicTimerPage Global Bridging Configuration Dialog Box Bridging 149 Learning/IEEE Spanning Tree BridgingBridge On Table Size Priority Spanning Tree Fwd Delay Spanning TreeBridging 151 Aging Time Max Age Spanning Tree Interface Configuration Dialog Box Bridging 153 Bridging On PriorityPath Cost Spanning Tree Exclude Non-Routed Protocols WAN Link Protocols 155 Link Configuration WAN Dialog BoxLink Configuration WAN Dialog Box WAN On WAN Link Protocols Link TypeFailover Type WAN Link Protocols 157 Backup PortTimers Allow Dial Out Drop Link If Inactive For Allow DialAlways Keep Link Up Dialing Method WAN Link Protocols 159 Dial-Out / Connect ScriptDial-back Script Retry Delay Setting Script TimeoutDialing Retries / Connect Retries Backup Disable Timer Failover Timers Configuration Dialog BoxBackup Enable Timer Backup Init Timer Frame Relay Configuration Dialog Box Frame Relay Configuration Dialog BoxMaintenance Protocol WAN Link Protocols 163 Polling Frequency Home Dlci Dlci Database Configuration Dialog Box Dlci Entry Dialog Box Dlci Database Dialog Box WAN Link Protocols 165 Dlci #AppleTalk Address IPX Address Chap Configuration Dialog BoxChap Configuration Dialog Box DECnet Address Request Chap Authentication WAN Link Protocols 167Respond to Chap Challenges PAP Configuration Dialog Box PAP Configuration Dialog BoxSecret Request PAP Authentication WAN Link Protocols 169Respond to PAP Requests Smds Dialog Box PasswordSmds Dialog Box Station Address PPP Options Dialog Box WAN Link Protocols 171 IP MulticastPPP Options Dialog Box PPP Link Quality Configuration Dialog Box Sequenced Predictor CompressionEcho Packets On WAN Link Protocols 173 LCP Options Configuration Dialog BoxLCP Options Configuration Dialog Box Frequency in Seconds Echo Packets Multilink PPP Dialog Box Address/Control CompressionProtocol Compression Mppp Bundle Name EnableWAN Link Protocols 175 Linked Ports WAN Chat Script Editor Dialog Box MPQualWAN Chat Script Editor Dialog Box WAN Link Protocols 177 Chat Script Editor Dialog Box Buttons & ControlsChat Script Rules and Syntax 178 WAN Link Protocols 179 To connect to an Internet Service Provider using a modem Chat Script Examples User Authentication Database Dialog Box WAN Link Protocols 181 Interfaces Password/SecretRemote Name Dial-back Chat Route Filters Button Main TCP/IP Filtering Dialog BoxTCP/IP Filtering 183 Packet Filters Button Block IP Source Routing TCP/IP Filter Editor WindowTCP/IP Filtering Log Rejected Source-Routed Packets TCP/IP Route Filter Rules Basic IP Route Filter Rules and Syntax TCP/IP Filtering 187 IP Route Filter Rule Options IP Route Filter Rule Modifiers TCP/IP Packet Filter Rules IP Route Filter Rule NotificationIP Route Filter Rule Examples TCP/IP Filtering 189 Basic IP Packet Filter Rules and Syntax IP Packet Filter Rule Operators and Port Names TCP/IP Filtering 191 TCP Ports Icmp Types IP Packet Filter Rule Modifiers TCP/IP Filtering 193 UDP IP Packet Filter Rule Notification Simple IP Packet Filter Rule Examples TCP/IP Filtering 195 IP Packet Filter Rule Set Examples Interface TCP/IP Packet Filtering Configuration Dialog Box TCP/IP Packet Filtering Bridge Dialog Box IPX Filtering 197 Main IPX Filtering Configuration Dialog BoxMain IPX Filtering Dialog Box IPX Route Filters IPX Filter Editor Window IPX Filter Editor WindowIPX Filtering Filter Editor Window Buttons and Controls IPX Packet Filter Rules IPX Filtering 199Basic IPX Packet Filter Rules and Syntax IPX Packet Filter Options IPX Filtering 201 IPX Packet Filter Rule Notification IPX Route Filter Rules IPX Packet Filter Rule Examples IPX Filtering 203 Basic IPX Route Filter Rules and Syntax IPX Route Filter Rule Options IPX Route Filter Rule Modifiers IPX Route Filter Rule Notification IPX SAP Filter RulesIPX Filtering 205 IPX Route Filter Rule Examples Basic IPX SAP Filter Rules and Syntax IPX SAP Filter Options IPX Filtering 207 IPX SAP Filter Rule Modifiers IPX SAP Filter Rule NotificationIPX SAP Filter Rule Examples Interface IPX Packet Filtering Configuration Dialog Box IPX Filtering 209 210 Main AppleTalk Filtering Editor Window AppleTalk Filtering 211Main AppleTalk Filter Editor Window AppleTalk Packet Filter Rules AppleTalk FilteringGeneral Packet Filtering Routing Filters Rtmp AppleTalk Filtering 213Get Zone List Basic AppleTalk Filter Rules and Syntax 214 AppleTalk Filtering 215 Simple AppleTalk Packet Filter Rule Examples AppleTalk Get Zone List Filter Rule Set ExamplesAppleTalk Rtmp Filter Rule Set Examples Interface AppleTalk Filtering Configuration Dialog Box AppleTalk Filtering 217Input Rtmp Filters Input Packet Filters Output Rtmp FiltersZone List Filters Output Packet Filters General 219 Physical RS-232 Configuration WAN Dialog BoxPhysical RS-232 Configuration WAN Dialog Box Async/Sync Tx Clock Internal Sync Only Baud RateFlow Control Async Only Physical T1 WAN Configuration Dialog Box General 221Clock Scheme Line Encoding Fractional T1 EnabledFraming Start Channel & Number of Channels Invert Data General 223 Contiguous Channels or Alternate ChannelsChannel Data Rate PRM Transmit Physical V.35 Configuration WAN Dialog Box Tx Clock Internal Physical DS3 Configuration WAN Dialog Box General 225 System Configuration Dialog Box System Configuration Dialog BoxBandwidth Allocation Confirm Enable Password Confirm PasswordEnable Password General 227 Name of Administrator and How to Contact Snmp ConfigurationSnmp System Info Configuration Dialog Box Administrative Name Sets Enabled Advanced Snmp Configuration Dialog BoxSnmp Enabled Traps Enabled Snmp Community Strings Configuration Dialog Box Snmp Community Strings Configuration Dialog BoxCommunity String Snmp Traps Dialog Box Snmp Traps Configuration Dialog BoxGeneral 231 Access Host IP Address Primary DNS Server Domain Name Server DNS Dialog BoxDomain Name Server Dialog Box Secondary DNS Server Search Order General 233 Time Server Configuration Dialog BoxTime Server Dialog Box Add TCP/IP DNS Server Backup IP Address ProtocolOffset from Server Radius Configuration Dialog Box Radius Configuration Dialog BoxGeneral 235 Accounting Port Authentication PortAccounting VPN Real IP Address General 237 VPN Tunnel Secret VPN AuthenticationPAP Authentication Secret VPN Group Info Use Secret in Checksum Secondary Server IP AddressSecondary Server Retries General 239 SecurID Configuration Dialog BoxEnable SecurID Port Backup Server Timeout NAT Configuration Dialog Box NAT Configuration Dialog Box New Button Modify ButtonGeneral 241 Internal Range External RangePassThru Range Addresses TCP Syn Timeout General 243 TCP TimeoutUDP Timeout TCP Fin Timeout NAT Range Dialog Box NAT Range Dialog Box NAT Mapping Dialog Box General 245NAT Mapping Dialog Box NAT Range Dialog Box Internal IP address NAT Mapping Translation Pair Examples General 247 Logging Configuration Dialog BoxLogging Configuration Dialog Box Logging On IP Address Syslogd On Only Send Log to Aux PortSyslogd On File Syslogd On Only General 249 Ldap ConfigurationLdap Server Dialog Box Ldap Server Dialog Box Primary Server Primary Password Ldap Config NameEnable Ldap Add Ldap Server Dialog Box General 251 Secondary Server Secondary Password Base Ldap Authentication Dialog Box Ldap Authentication Dialog BoxEnable Ldap Authentication VPN Group Attribute General 253 Primary Server Primary PasswordSecondary Server Secondary Password VPN Shared Secret Attribute 254 Ospf Dialog Box Ospf 255Ospf Dialog Box Area ID Ospf EnabledOspf Cost Ospf Area Ospf Area Dialog Box Add Ospf Area Dialog Box Stub Default Cost Ospf Authentication TypeEnable Stub Area Ospf 259 Ospf Area Name Ospf Virtual Link Net Range Dialog Box Ospf Virtual Link Dialog Box Enable Virtual LinkOspf 261 Add Ospf Virtual Link Dialog Box Transit Area Virtual Transit DelayOspf Packet Authentication Key Virtual Retransmission BGP General Dialog Box Enable BGPBGP 263 BGP General Dialog Box BGP Local Preference BGP Aggregates Dialog BoxBGP Use IPR Filters BGP 265 BGP Peer Configs Dialog BoxBGP Peer Configs Dialog Box Add BGP Aggregate Dialog Box Input Route Map BGP Peer Config NameEnable Ebgp Multihop Output Route Map IP Loopback Dialog Box BGP Peers Dialog Box BGP Peers Dialog BoxIP Loopback Add BGP Peer Dialog Box BGP Route Maps Editor Dialog Box BGP 269 BGP Route Maps Dialog Box BGP Route Map Editor Dialog Box Buttons & Controls Enter Data Dialog Box BGP Route Mapping RulesBGP 271 Action Direction Options/Output Modifiers BGP 273 Special Communities Options/Input Modifiers BGP Networks BGP Networks Dialog BoxBGP Network Dialog Box BGP 275 Subnet Mask 276 Appendices 277 IP Addresses Appendices Chart 1 IP Address ClassesChart 2 Standard IP Subnets Subnet Masks Chart 3 Subnetted Class C Host Ranges Appendices 279Broadcast Addresses Assigning a Subnet Mask Chart 4 Broadcast Address ExamplesAssigning an IP address Assigning a Broadcast Address IPX Appendices 281 Static Routes & Routing ProtocolsIPX Routing Basics 282 Service Advertising Protocol Appendices 283Client Machine Addressing AppleTalk AppleTalk Routing Basics Appendices 285 Non-extended and Extended AppleTalk NetworksSeeding a Network Segment Probing Zones Appendices 287 Router AutoconfigurationBridging Bridging Basics Transparent Bridging Spanning Tree Bridging Multiport Bridges/Switches and Bridge Groups Appendices 289Simple Bridging Example Bridge Groups on a Multiport Router Virtual Circuits Frame RelayAppendices 291 Addressing Encapsulation and Fragmentation Local & Global DLCIsLocal Management Interface LMI Network/Protocol Addressing and Virtual Interfaces Appendices 293 Frame Relay ExampleFrame Relay Example Page Symbols Index 295 Index Index 297 IPX Index 299 TCP/IP See also, TCP/IP Index 301 NAT Index 303 RIP UDP Index 305 Dlci Index 307 Radius