Adit 3000 Series and Multi-Service Router (MSR) Card CLI Referece Manual
Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI 4-57
Global Configuration Mode
Global Configuration Commands
security-default
Use the security-default command to configure the security policy.
Syntax: (config)# security-default {maximum|minimum|typical}
[block-ip-frag]
Example: (config)# security-default maximum
Supported Platforms:
Adit 3104, Adit 3200, Adit 3500, MSR
Field Definition
The following security levels are described in detail.
Requests Originating in the
WAN
Requests Originating in the LAN
maximum Blocked: No access to network
from Internet, except as
configured in the Local Servers,
DMZ host and Remote Access
screens.
Limited: Only commonly-used
services, such as Web-browsing and
e-mail, are permitted. These
services include Telnet, FTP,
HTTP, HTTPS, DNS, IMAP,
POP3, Ping and SNMP
minimum Blocked: No access to network
from Internet, except as
configured in the local Servers,
DMZ host and Remote Access
screens.
Unrestricted: All services are
permitted, except as configured in
the Access Control screen.
typical (default) Unrestricted: Permits full
access from Internet to network;
all connection attempts
permitted.
Unrestricted: All services are
permitted, except as configured in
the Access Control screen.
block-ip-frag Block IP Fragments
Checking this option will protect your network from a common type of
hacker attack that could make use of fragmented data packets to
sabotage your network. Note that VPN over IPSec and some UDP-
based services make legitimate use of IP fragments. You will need to
allow IP fragments to pass into the home network in order to make use
of these selected services.