Chapter 8: WEB Management Interface
Efficient Networks® Router family Technical Reference Guide
Page 8-60
Stateful Firewall
An IP filtering firewall examines each packet’s header information and matches it
against a set of defined rules. If it finds a match, the corresponding action is
performed. If not, the packet is accepted. The stateful firewall differs from the IP
filtering firewall in that it gathers and maintains state information about each session.
The firewall intercepts outgoing packets, gathers enough information from them
(for example, IP address information and port number), and creates the state
information for that session. When an incoming packet is seen, the firewall checks
it against the state information it has maintained, and if the packet belongs to this
session, it is accepted. Thus, by tracking and controlling the flow of information
through the firewall, the stateful firewall provides robust security.
The stateful firewall is a key-enabled feature and is not displayed on the Main menu
unless the feature has been key-enabled. For additional information, see “Key Enabled
Features” on page 4-29.
Stateful Firewall Configuration Page
The Stateful Firewall Configuration page allows viewing and configuration of the
current firewall settings as well as access to the Dropped Packet Page and the
Firewall Rule Page. These settings include:
• Firewall Status - Indicates the current Firewall mode (on/off).
• Watch Setting - If watch mode is On, a message is printed to the console
whenever a packet is accepted or dropped.
• Dropped Packet Threshold Setting - When the number of dropped packets
exceeds the threshold value, the firewall logs a message to the console.
Default value is 200 per second.
• UDP Packet Threshold Setting - By default, the firewall blocks any
subsequent UDP packets once the counter for UDP packets exceeds the
threshold value. Default value is 1000 per second.
• ICMP Ping Packet Threshold Setting - By default, the firewall blocks any
subsequent ICMP ping packets once the counter for ICMP ping packets
exceeds the threshold value. Default value is 1000 per second.
• SYN Packet Threshold Setting - By default, the firewall blocks any
subsequent SYN requests to a destination once the counter for SYN packets
for that destination exceeds the threshold value. Default value is 200 per
second.
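The threshold settings above can be modeled to see how they interact, in particular that the SYN counter is kept per destination while UDP and ICMP ping each share a single counter. This is an added example, not the router's own code: the names `ThresholdModel` and `replay` are hypothetical, and the model assumes fixed one-second windows that reset the counters and assumes that threshold-blocked packets count as dropped packets. The addresses and traffic are constructed.

```python
from collections import defaultdict

# Defaults quoted from the settings list above (packets per second).
DEFAULTS = {"dropped": 200, "udp": 1000, "icmp_ping": 1000, "syn": 200}

class ThresholdModel:
    """Toy model of the per-second flood thresholds (assumed fixed 1 s windows)."""
    def __init__(self, limits=DEFAULTS):
        self.limits = dict(limits)
        self.window = None                 # current one-second bucket
        self.counts = defaultdict(int)     # counter key -> packets this second
        self.console = []                  # messages the firewall would log

    def _roll(self, ts):
        # Assumption: counters reset when a new one-second window begins.
        sec = int(ts)
        if sec != self.window:
            self.window = sec
            self.counts.clear()

    def _drop(self, ts):
        self.counts["dropped"] += 1
        # Log once, when the dropped count first exceeds its threshold.
        if self.counts["dropped"] == self.limits["dropped"] + 1:
            self.console.append(f"{int(ts)}: dropped-packet threshold exceeded")
        return "drop"

    def handle(self, ts, kind, dst):
        """kind is 'udp', 'icmp_ping' or 'syn'; returns 'accept' or 'drop'."""
        self._roll(ts)
        # SYN is counted per destination; UDP and ICMP ping use one counter each.
        key = ("syn", dst) if kind == "syn" else kind
        self.counts[key] += 1
        if self.counts[key] > self.limits[kind]:
            return self._drop(ts)
        return "accept"

def replay(packets, limits=DEFAULTS):
    """Replay (timestamp, kind, dst) tuples; return per-verdict totals and log."""
    fw = ThresholdModel(limits)
    totals = defaultdict(int)
    for ts, kind, dst in packets:
        totals[(kind, dst, fw.handle(ts, kind, dst))] += 1
    return dict(totals), fw.console

# Constructed sample: 450 SYNs to one host and 150 to another in the same second,
# then 10 more SYNs to the first host one second later.
SAMPLE = ([(0.0, "syn", "192.0.2.10")] * 450 + [(0.5, "syn", "192.0.2.20")] * 150
          + [(1.0, "syn", "192.0.2.10")] * 10)
```

Calling `replay(SAMPLE)` shows the flooded destination being cut off at 200 SYNs in the first second while the second destination is unaffected, and the first destination accepted again once the next window starts.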
Stateful Firewall Navigation
From the Main Menu, select:
>Stateful Firewall (Configuration page)
>Dropped Packets page
>Firewall Rule page