Motorola 3397GP Set security state-insp tcp-timeout 30, Set security state-insp udp-timeout 30

Models: 3397GP


Administrator’s Handbook

Stateful Inspection

Stateful inspection options are accessed by the security state-insp tag.

set security state-insp [ ip-ppp | dsl ] vccn option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]

Turns the stateful inspection option off or on for the specified interface. This option is disabled by default. Stateful inspection prevents unsolicited inbound access when NAT is disabled.

set security state-insp [ ip-ppp | dsl ] vccn default-mapping [ off | on ]
set security state-insp ethernet [ A | B ] default-mapping [ off | on ]

Turns the stateful inspection default mapping to Gateway option off or on for the specified interface.

set security state-insp [ ip-ppp | dsl ] vccn tcp-seq-diff [ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff [ 0 - 65535 ]

Sets the acceptable TCP sequence difference on the specified interface. The maximum allowed value for the TCP sequence number difference is 65535. A tcp-seq-diff value of 0 means that this check is disabled.

set security state-insp [ ip-ppp | dsl ] vccn deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ] deny-fragments [ off | on ]

Sets whether or not fragmented packets are allowed to be received on the specified interface.

set security state-insp tcp-timeout [ 30 - 65535 ]

Sets the stateful inspection TCP timeout interval, in seconds.

set security state-insp udp-timeout [ 30 - 65535 ]

Sets the stateful inspection UDP timeout interval, in seconds.

set security state-insp dos-detect [ off | on ]

Enables or disables the stateful inspection Denial of Service detection feature. If set to on, the device monitors packets for Denial of Service (DoS) attacks. Offending packets may be discarded if they are determined to be part of a DoS attack.

set security state-insp xposed-addr exposed-address# "n"

Allows you to add an entry to the specified list, or, if the list does not exist, creates the list for the stateful inspection feature. xposed-addr settings only apply if NAT is off.

Example:

set security state-insp xposed-addr exposed-address# (?): 32

32 has been added to the xposed-addr list.
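An added example, not part of the handbook: a Python check that reads saved `set security state-insp` lines, validates each value against the ranges listed above, and flags settings that leave a check switched off. The `vcc1` spelling of the interface, the `WEAK` review policy and the sample configuration are assumptions constructed for illustration.

```python
import re
ONOFF = ("off", "on")
# Keyword -> allowed values, copied from the syntax listed on this page.
PER_IFACE = {"option": ONOFF, "default-mapping": ONOFF,
             "deny-fragments": ONOFF, "tcp-seq-diff": range(0, 65536)}
GLOBAL = {"tcp-timeout": range(30, 65536), "udp-timeout": range(30, 65536),
          "dos-detect": ONOFF}
# Review policy (an assumption of this example): values worth a second look.
WEAK = {("option", "off"): "stateful inspection is off",
        ("deny-fragments", "off"): "fragmented packets are accepted",
        ("tcp-seq-diff", "0"): "TCP sequence check is disabled",
        ("dos-detect", "off"): "DoS detection is off"}
# Assumption: the manual's "vccn" is typed as "vcc" plus a number, e.g. vcc1.
IFACE = re.compile(r"((?:ip-ppp|dsl) vcc\d+|ethernet [AB]) ")
PREFIX = "set security state-insp "

def audit(config_text):
    """Return (errors, warnings) as lists of (line_number, message)."""
    errors, warnings = [], []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise whitespace
        rest = line[len(PREFIX):]
        if not line.startswith(PREFIX) or rest.startswith("xposed-addr"):
            continue  # other commands and interactive xposed-addr entries
        m = IFACE.match(rest)
        scope, rules = (m.group(1), PER_IFACE) if m else ("global", GLOBAL)
        parts = (rest[m.end():] if m else rest).split()
        if len(parts) != 2 or parts[0] not in rules:
            errors.append((n, "unrecognized setting: " + rest))
            continue
        key, value = parts
        ok = (value in ONOFF if rules[key] is ONOFF
              else value.isdigit() and int(value) in rules[key])
        if not ok:
            errors.append((n, f"{key} {value}: value outside documented range"))
        elif (key, value) in WEAK:
            warnings.append((n, f"{scope}: {WEAK[(key, value)]}"))
    return errors, warnings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
set security state-insp ethernet A option on
set security state-insp ip-ppp vcc1 deny-fragments off
set security state-insp dsl vcc1 tcp-seq-diff 0
set security state-insp tcp-timeout 10
set security state-insp dos-detect on
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
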
