ProSafe VPN Firewall 200 FVX538 Reference Manual
Firewall Protection and Content Filtering 4-15
v1.0, August 2006
•LAN Security Ch ecks. A UDP flood is a form of denial of service attack that can be initiated
when one machine sends a large number of UDP packets to random ports on a remote host. As
a result, the distant host will (1) check for the application listening at that port, (2) see that no
application is listening at that port and (3) reply with an ICMP Destination Unreachable
packet.
When the victimized system is flooded, it is forced to send many ICMP packets, eventually
making it unreachable by other clients. The attacker may also spoof the IP address of the UDP
packets, ensuring that the excessive ICMP return packets do not reach him, thus making the
attacker’s network location anonymous.
If enabled, the router will not accept more than 20 simultaneous, active UDP connections from
a single computer on the LAN.
•VPN Pass through. When the router is in NAT mode, all packets going to the Remote VPN
Gateway are first filtered through NAT and then encrypted per the VPN policy.
For example, if a VPN Client or Gateway on the LAN side of this router wants to connect to
another VPN endpoint on the WAN (placing this router between two VPN end points),
encrypted packets are sent to this router. Since th is router filters the encrypted packets through
NAT, the packets become invalid unless VPN Pass through is enabled.
When enabled, the VPN tunnel will pass the VPN traffic without any filtering. Tunnels can be:
–IPSec
–PPTP
–L2TP
To enable the appropriate Attack Checks for your environment:
1. Select Security from the main menu, Firewall Rules from the submenu and then the Attack
Checks tab. The Attack Checks screen will display.
2. Check the radio boxes of the Attack Checks you wish to initiate.