Configuring the Barricade™ Router
66
Stateful Packet Inspection allows you to select different
application types that are using dynamic port numbers. If you
wish to use the Stateful Packet Inspection (SPI) to block
packets, click on the Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then check the
inspection type that you need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP Service, H.323 Service,
and TFTP Service.
•When hackers attempt to enter your network, we can alert
you by e-mail – Enter your E-mail address. Specify your
SMTP and POP3 servers, user name, and password.
•Connection Policy – Enter the appropriate values for TCP/
UDP sessions as described in the following table.
Parameter Defaults Description
Fragmentation
half-open wait 10 sec Configures the number of seconds
that a packet state structure
remains active. When the timeout
value expires, the router drops the
unassembled packet, freeing that
structure for use by another packet.
TCP SYN wait 30 sec Defines how long the software will
wait for a TCP session to
synchronize before dropping the
session.
TCP FIN wait 5 sec Specifies how long a TCP session
will be maintained after the firewall
detects a FIN packet.
TCP connection
idle timeout 3600
seconds
(1hour)
The length of time a TCP session
will be maintained if there is no
activity.
UDP session idle
timeout 30 sec The length of time a UDP session
will maintained if there is no activity.
H.323 data
channel idle
timeout
180 sec The length of time an H.323
session will be maintained if there
is no activity.