User's Manual
Configuring the Wireless Barricade Router
64
communications are initiated by the recipient computer and
are taking place only with sources that are known and trusted
from previous interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection firewalls also
close off ports until connection to the specific port is
requested.
When particular types of traffic are checked, only the
particular type of traffic initiated from the internal LAN will be
allowed. For example, if the user only checks FTP Service in
the Stateful Packet Inspection section, all incoming traffic will
be blocked except for FTP connections initiated from the local
LAN.
Stateful Packet Inspection allows you to select different
application types that are using dynamic port numbers. If you
wish to use the Stateful Packet Inspection (SPI) to block
packets, click on the Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then check the
inspection type that you need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP Service, H.323 Service,
and TFTP Service.
• When hackers attempt to enter your network, we can alert
you by email – Enter your email address. Specify your SMTP
and POP3 servers, user name, and password.
• Connection Policy – Enter the appropriate values for TCP/
UDP sessions as described in the following table.
Parameter Defaults Description
Fragmentation
half-open wait
10 sec Configures the number of seconds that a
packet state structure remains active. When
the timeout value expires, the router drops the
unassembled packet, freeing that structure for
use by another packet.
TCP SYN wait 30 sec Defines how long the software will wait for a
TCP session to synchronize before dropping
the session.
TCP FIN wait 5 sec Specifies how long a TCP session will be
maintained after the firewall detects a FIN
packet.