User's guide

Check the checkbox next to the interface(s) that the firewall should operate on in order to
enable the firewall for that interface.
Related CLI Commands

Entity  Instance  Parameter  Values  Equivalent Web Parameter
fw      n/a       logclr     -       Reset Hit Counters
fw      n/a       save       -       Save
fw      n/a       -          -       Restore

The firewall rule hits may be viewed from the command line console by using the command:
type fwstat.hit
Stateful Inspection Settings
Configuration – Security > Firewalls > Stateful Inspection Settings
The page described below contains timer timeout values and other options that are used by
the firewall stateful inspection module. This module establishes firewall rules that last for
the duration of a single connection only. Typically, the first packet of a TCP connection (SYN
packet) is used to create a stateful inspection rule that only allows subsequent packets for
that TCP connection through the firewall. The timers described below are used to set limits
on how long such rules persist.
Timers
TCP Opening s seconds
The value in this text box specifies how long a TCP connection is given to become
established after receipt of the TCP packet that caused a stateful inspection rule to be
created. If the TCP connection is not established within this period, the associated stateful
rule is removed.
TCP Open s seconds
The value in this text box specifies the length of time that an established TCP connection
may remain idle before the stateful inspection rule created for it is removed. The timer is
restarted each time a packet is processed by the associated stateful inspection rule.
TCP Closing s seconds
The value in this text box specifies the length of time that is allowed for a TCP socket to
close once the first FIN packet has been received. If the timer expires before the socket has
completed closing, the stateful inspection rule is removed.
TCP Closed s seconds
The value in this text box specifies the length of time that a stateful inspection rule will
remain in place after a TCP connection has closed.
UDP s seconds
The value in this text box specifies the length of time that a stateful inspection rule will
remain in place following the receipt of a UDP packet. The timer is restarted each time
packets matching the rule pass in each direction. As a consequence, rules based on UDP
should only be used if it is anticipated that packets will travel in both directions.
ICMP s seconds
Some ICMP packets, for instance the ECHO request, generate response packets. The
value in this text box specifies the length of time that a stateful inspection rule created for
an ICMP packet will remain in place if the response is not received. The rule is removed
immediately following receipt of the response.
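
The following Python model is an added illustration of the timer behaviour described above. It is not code from this guide or from the router firmware. The timer values, the packet kind names and the rule that only a non-reply initiating packet creates a stateful rule are assumptions made for the example.

```python
# Added model of the rule lifetimes described above; not the router's firmware.
# Timer values are constructed samples in seconds, not product defaults.
TIMERS = {"opening": 10, "open": 300, "closing": 10, "closed": 2, "udp": 30, "icmp": 5}

class InspectionTable:
    def __init__(self, timers=TIMERS):
        self.timers, self.rules = dict(timers), {}

    def _arm(self, key, state, now, seen=()):
        # (Re)start the timer that belongs to `state`.
        self.rules[key] = {"state": state, "expires": now + self.timers[state],
                           "seen": set(seen)}

    def packet(self, now, key, kind, reply=False):
        """Feed one packet of flow `key`; True if a stateful rule passes it.
        kind: syn, synack, ack, data, fin, lastack, udp, echo, echoreply."""
        rule = self.rules.get(key)
        if rule and now >= rule["expires"]:        # timer ran out: rule removed
            del self.rules[key]
            rule = None
        if rule is None:                           # only an initiating packet creates a rule
            start = {"syn": "opening", "udp": "udp", "echo": "icmp"}.get(kind)
            if start is None or reply:
                return False
            self._arm(key, start, now, seen=[False])
            return True
        state = rule["state"]
        if state == "opening" and kind == "ack":   # handshake completed in time
            self._arm(key, "open", now)
        elif state == "open":                      # every packet restarts the idle timer
            self._arm(key, "closing" if kind == "fin" else "open", now)
        elif state == "closing" and kind == "lastack":
            self._arm(key, "closed", now)          # rule lingers for the Closed timer
        elif state == "udp":
            rule["seen"].add(reply)
            if rule["seen"] == {True, False}:      # restart only after both directions
                self._arm(key, "udp", now)
        elif state == "icmp" and kind == "echoreply":
            del self.rules[key]                    # removed as soon as the response arrives
        return True

def udp_reply_allowed(two_way):
    """Outbound UDP at t=0,10,20; is a reply at t=31 still passed?"""
    fw, flow = InspectionTable(), ("10.0.0.5", 5000, "192.0.2.9", 53)
    for t in (0, 10, 20):
        fw.packet(t, flow, "udp")
        if two_way and t == 0:
            fw.packet(5, flow, "udp", reply=True)  # both directions seen: timer restarts
    return fw.packet(31, flow, "udp", reply=True)
```

With one-way UDP traffic the rule lapses at the original deadline even though packets keep flowing, which is why the UDP timer only suits flows that carry traffic in both directions.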