ProSecure Unified Threat Management (UTM) Appliance Reference Manual

Table 5-4. Attack Checks Settings (continued)

Setting                          Description (or Subfield and Description)

LAN Security Checks

Block UDP flood
    Select the Block UDP flood checkbox to prevent the UTM from accepting more
    than 20 simultaneous, active UDP connections from a single device on the LAN.
    By default, the Block UDP flood checkbox is deselected.

    A UDP flood is a form of denial of service attack that can be initiated when one
    device sends a large number of UDP packets to random ports on a remote host.
    As a result, the distant host does the following:

    1. Checks for the application listening at that port.
    2. Sees that no application is listening at that port.
    3. Replies with an ICMP Destination Unreachable packet.

    When the victimized system is flooded, it is forced to send many ICMP packets,
    eventually making it unreachable by other clients. The attacker might also spoof
    the IP address of the UDP packets, ensuring that the excessive ICMP return
    packets do not reach him, thus making the attacker's network location
    anonymous.

Disable Ping Reply on LAN Ports
    Select the Disable Ping Reply on LAN Ports checkbox to prevent the UTM
    from responding to a ping on a LAN port. A ping can be used as a diagnostic
    tool. Keep this checkbox deselected unless you have a specific reason to
    prevent the UTM from responding to a ping on a LAN port.

VPN Pass through

IPSec, PPTP, L2TP
    When the UTM functions in NAT mode, all packets going to the remote VPN
    gateway are first filtered through NAT and then encrypted per the VPN policy.
    For example, if a VPN client or gateway on the LAN side of the UTM wants to
    connect to another VPN endpoint on the WAN side (placing the UTM between
    two VPN endpoints), encrypted packets are sent to the UTM. Because the UTM
    filters the encrypted packets through NAT, the packets become invalid unless
    you enable the VPN Pass through feature.

    To enable the VPN tunnel to pass the VPN traffic without any filtering, select any
    or all of the following checkboxes:

    IPSec. Disables NAT filtering for IPSec tunnels.
    PPTP.  Disables NAT filtering for PPTP tunnels.
    L2TP.  Disables NAT filtering for L2TP tunnels.

    By default, all three checkboxes are selected.

4. Click Apply to save your settings.
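An added example, not code from the NETGEAR manual, that simulates the Block UDP flood rule described in Table 5-4: a per-LAN-device tracker that refuses a new UDP connection once a single source already has 20 active ones. The flow key (source port, destination address, destination port) and the 30-second idle timeout are assumptions, since the manual does not say how the UTM ages out UDP state; the traffic is constructed for the demonstration.

```python
from dataclasses import dataclass, field

MAX_ACTIVE_UDP = 20    # limit stated in the manual
IDLE_TIMEOUT = 30.0    # assumed: seconds of silence before a UDP "connection" is dropped


@dataclass
class UdpFloodGuard:
    """Tracks active UDP flows per LAN source and decides whether a datagram passes."""
    limit: int = MAX_ACTIVE_UDP
    idle_timeout: float = IDLE_TIMEOUT
    # src_ip -> {flow key -> timestamp the flow was last seen}
    _flows: dict = field(default_factory=dict)

    def _expire(self, src_ip: str, now: float) -> None:
        # Age out flows that have been silent longer than the idle timeout.
        flows = self._flows.get(src_ip, {})
        for key in [k for k, seen in flows.items() if now - seen > self.idle_timeout]:
            del flows[key]

    def check(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return True if the datagram is allowed, False if blocked as a UDP flood."""
        flows = self._flows.setdefault(src_ip, {})
        self._expire(src_ip, now)
        key = (src_port, dst_ip, dst_port)  # assumed flow key
        if key in flows:                    # existing connection: refresh and allow
            flows[key] = now
            return True
        if len(flows) >= self.limit:        # would be the 21st connection: block
            return False
        flows[key] = now
        return True

    def active(self, src_ip):
        return len(self._flows.get(src_ip, {}))


def simulate_flood(guard=None):
    """Constructed scenario: one LAN host sprays random ports while another behaves."""
    guard = guard or UdpFloodGuard()
    decisions = []
    # 25 datagrams to distinct ports on one remote host, 0.1 s apart, from 192.168.1.10
    for i in range(25):
        decisions.append(guard.check("192.168.1.10", 40000 + i, "203.0.113.5", 1000 + i, i * 0.1))
    # an ordinary DNS query from a different LAN host is not affected by the limit
    dns_ok = guard.check("192.168.1.20", 53211, "192.168.1.1", 53, 3.0)
    # once the flooding host's flows have idled out, it may open connections again
    later_ok = guard.check("192.168.1.10", 50000, "203.0.113.5", 53, 100.0)
    return decisions, dns_ok, later_ok
```

Running `simulate_flood()` shows the first 20 datagrams from the flooding host accepted and the remaining five refused, while the other host's query passes.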

Firewall Protection

5-29

v1.0, January 2010
