ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Table 35. Attack Checks screen settings for IPv4 (continued)

LAN Security Checks

Block UDP flood
Select the Block UDP flood check box (which is the default setting) to prevent the wireless VPN firewall from accepting more than 20 simultaneous, active User Datagram Protocol (UDP) connections from a single device on the LAN.

A UDP flood is a form of denial of service attack that can be initiated when one device sends a large number of UDP packets to random ports on a remote host. As a result, the distant host does the following:

1. Checks for the application listening at that port.
2. Sees that no application is listening at that port.
3. Replies with an ICMP Destination Unreachable packet.

When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker might also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach the attacker, thus making the attacker’s network location anonymous.
 

Disable Ping Reply on LAN Ports
Select the Disable Ping Reply on LAN Ports check box to prevent the wireless VPN firewall from responding to a ping on a LAN port. A ping can be used as a diagnostic tool. Keep this check box cleared unless you have a specific reason to prevent the wireless VPN firewall from responding to a ping on a LAN port.

VPN Pass through

IPSec, PPTP, L2TP
When the wireless VPN firewall functions in NAT mode, all packets going to the remote VPN gateway are first filtered through NAT and then encrypted according to the VPN policy. For example, if a VPN client or gateway on the LAN side of the wireless VPN firewall wants to connect to another VPN endpoint on the WAN side (placing the wireless VPN firewall between two VPN endpoints), encrypted packets are sent to the wireless VPN firewall. Because the wireless VPN firewall filters the encrypted packets through NAT, the packets become invalid unless you enable the VPN Pass through feature.

To enable the VPN tunnel to pass the VPN traffic without any filtering, select any or all of the following check boxes:

IPSec. Disables NAT filtering for IPSec tunnels.
PPTP. Disables NAT filtering for PPTP tunnels.
L2TP. Disables NAT filtering for L2TP tunnels.

By default, all three check boxes are selected.

Multicast Pass through

Enable IGMP

IP multicast pass-through allows multicast packets that originate in the WAN, such as packets from a media streaming or gaming application, to be forwarded to the LAN subnet. Internet Group Management Protocol (IGMP) is used to support multicast between IP hosts and their adjacent neighbors.

Select the Enable IGMP check box to enable IP multicast pass-through. By default, IP multicast pass-through is disabled.
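The Block UDP flood check above is described only as a per-device cap of 20 simultaneous, active UDP connections. The following added example (not NETGEAR's code, and not how the FVS318N implements the check internally) models that cap as a small connection-tracking limiter so you can see which packets such a rule admits and which it drops. The 20-flow limit comes from the manual; the 30-second idle timeout, the flow key (source port, destination address, destination port) and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Limit stated in the manual for the Block UDP flood check: a single LAN device
# may hold at most this many simultaneous, active UDP connections.
MAX_ACTIVE_UDP_PER_HOST = 20

# Assumption (not from the manual): a UDP "connection" is a flow that stays
# active until no packet has been seen on it for this many seconds.
UDP_IDLE_TIMEOUT = 30.0


@dataclass
class UdpFloodLimiter:
    """Per-source cap on simultaneous active UDP flows, as a defender-side model."""
    limit: int = MAX_ACTIVE_UDP_PER_HOST
    idle_timeout: float = UDP_IDLE_TIMEOUT
    # src_ip -> {(src_port, dst_ip, dst_port): last_seen_timestamp}
    _active: dict = field(default_factory=lambda: defaultdict(dict))
    dropped: list = field(default_factory=list)

    def _expire(self, src_ip, now):
        # Forget flows that have been idle longer than the timeout so the
        # cap tracks truly simultaneous flows, not the host's lifetime total.
        flows = self._active[src_ip]
        for flow, last_seen in list(flows.items()):
            if now - last_seen > self.idle_timeout:
                del flows[flow]

    def packet(self, now, src_ip, src_port, dst_ip, dst_port):
        """Return True if the packet is admitted, False if it is dropped."""
        flow = (src_port, dst_ip, dst_port)
        self._expire(src_ip, now)
        flows = self._active[src_ip]
        if flow in flows:            # packet on an existing flow: refresh and admit
            flows[flow] = now
            return True
        if len(flows) >= self.limit:  # a new flow beyond the cap is dropped
            self.dropped.append((now, src_ip, flow))
            return False
        flows[flow] = now            # new flow within the cap
        return True

    def active_count(self, src_ip):
        return len(self._active.get(src_ip, {}))


def run_demo():
    """Replay a constructed trace through the limiter and summarise the outcome."""
    lim = UdpFloodLimiter()
    flooder, normal, victim = "192.168.1.10", "192.168.1.20", "203.0.113.5"

    # Constructed trace: one LAN host opens 25 flows to 25 different ports on
    # one remote host within a quarter of a second (the UDP flood pattern).
    flood_results = [
        lim.packet(i * 0.01, flooder, 40000 + i, victim, 1024 + 37 * i)
        for i in range(25)
    ]

    # A second LAN host does ordinary work: two DNS queries plus a retry
    # on the first query's flow, which is refreshed rather than counted again.
    normal_results = [
        lim.packet(0.5, normal, 51000, "192.0.2.53", 53),
        lim.packet(0.6, normal, 51001, "192.0.2.53", 53),
        lim.packet(0.7, normal, 51000, "192.0.2.53", 53),
    ]

    # Once the flooder's flows have been idle past the timeout they expire,
    # so a new flow from that host is admitted again.
    admitted_after_idle = lim.packet(40.0, flooder, 49999, victim, 9999)

    return {
        "flooder_admitted": sum(flood_results),
        "flooder_dropped": len(flood_results) - sum(flood_results),
        "normal_admitted": sum(normal_results),
        "normal_active_flows": lim.active_count(normal),
        "admitted_after_idle": admitted_after_idle,
        "flooder_active_after_idle": lim.active_count(flooder),
        "drop_log_entries": len(lim.dropped),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

In the replay, the first 20 new flows from the flooding host are admitted and the remaining 5 are dropped and logged, while the normal host is never affected because the cap is kept per source device. The idle-expiry step matters in practice: without it, a host that legitimately opened many short-lived UDP flows over a day would eventually be blocked for good.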

Firewall Protection
