Concept Guide
Parameter Description
Deny all IP Fragments
If enabled, all IP fragments are dropped.
Prohibit IP Spoofing
When this option is enabled, source and
destination IP and MAC addresses are checked;
possible IP spoofing attacks are logged and an
SNMP trap is sent.
Monitor ping attack
If enabled, the controller monitors the number of
ICMP pings per second. If this value exceeds the
maximum configured rate, the controller will
register a denial of service attack.
Monitor TCP SYN attack
If enabled, the controller monitors the number of
TCP SYN messages per second. If this value
exceeds the maximum configured rate, the
controller will register a denial of service attack.
Monitor IP sessions attack
If enabled, the controller monitors the number of
TCP sessions requests per second. If this value
exceeds the maximum configured rate, the
controller will register a denial of service attack
sessions.
Deny inter user bridging
If enabled this setting prevents the forwarding of
Layer-2 traffic between wired or wireless users.
You can configure user role policies that prevent
Layer-3 traffic between users or networks but
this does not block Layer-2 traffic.
Log all received ICMP errors
Shows if the controller will log received ICMP
errors.
Per-packet logging
If active, and logging is enabled for the
corresponding session rule, this feature logs
every packet.
Blacklist Grat ARP attack client
If enabled, blacklist clients exceeding the
Gratuitous ARP attack rate.
Stateful SIP Processing
Shows if the controller has enabled or disabled
monitoring of exchanges between a voice over IP
or voice over WLAN device and a SIP server. This
option should be enabled only when thee is no
VoIP or VoWLAN traffic on the network
Allow tri-session with DNAT
Shows if the controller allows three-way session
when performing destination NAT.
Disable FTP server
If active, this feature disables the FTP server on
the controller.
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide show firewall | 1488