Firewall > Advanced
434
SonicOS Enhanced 4.0 Administrator Guide
UDP
Detection Prevention
Enable Stealth Mode - By default, the security appliance responds to incoming connection
requests as either “blocked” or “open.” If you enable Stealth Mode, your security appliance
does not respond to blocked inbound connection requests. Stealth Mode makes your
security appliance essentially invisible to hackers.
Randomize IP ID - Select Randomize IP ID to prevent hackers using various detection
tools from detecting the presence of a security appliance. IP packets are given random IP
IDs, which makes it more difficult for hackers to “fingerprint” the security appliance.
Decrement IP TTL for forwarded traffic - Time-to-live (TTL) is a value in an IP packet that
tells a network router whether or not the packet has been in the network too long and should
be discarded. Select this option to decrease the TTL value for packets that have been
forwarded and therefore have already been in the network for some time.
Never generate ICMP Time-Exceeded packets - The SonicWALL appliance generates
Time-Exceeded packets to report when it has dropped a packet because its TTL value has
decreased to zero. Select this option if you don’t want the SonicWALL appliance to
generate these reporting packets.
Dynamic Ports
Enable support for Oracle (SQLNet) - Select if you have Oracle applications on your
network.
Enable support for Windows Messenger - Select this option to support special SIP
messaging used in Windows Messenger on the Windows XP.
Enable RTSP Transformations - Select this option to support on-demand delivery of real-
time data, such as audio and video. RTSP (Real Time Streaming Protocol) is an
application-level protocol for control over delivery of data with real-time properties.
Source Routed Packets
Drop Source Routed Packets is selected by default. Clear the check box if you are testing
traffic between two specific hosts and you are using source routing.
Connections
Check Disable Anti-Spyware, Gateway AV and IPS Engine (increases maximum SPI
connections) if you want to enable more connections at the expense of the Gateway Anti-Virus
and Intrusion Prevention services.