User guide
Firewall Configuration
58 (98) EN/LZT 108 6492 R1
April 2003
Field / Description

Attack Protection
    Select Enable to use the built-in firewall protections that prevent the following common types of attacks:
    IP Spoofing: Sending packets over the WAN interface using an internal LAN IP address as the source address.
    Tear Drop: Sending packets that contain overlapping fragments.
    Smurf and Fraggle: Sending packets that use the WAN or LAN IP broadcast address as the source address.
    Land Attack: Sending packets that use the same address as the source and destination address.
    Ping of Death: Illegal IP packet length.

DOS Protection
    Click the Enable radio button to use the following denial of service protections: SYN DoS, ICMP DoS and Per-host DoS protection.

Max Half open TCP Connection
    Sets the percentage of concurrent IP sessions that can be in the half-open state. In ordinary TCP communication, packets are in the half-open state only briefly as a connection is being initiated; the state changes to active when packets are being exchanged, or closed when the exchange is complete. TCP connections in the half-open state can use up the available IP sessions.
    If the percentage is exceeded, then the half-open sessions will be closed and replaced with new sessions as they are initiated.

Max ICMP Connection
    Sets the percentage of concurrent IP sessions that can be used for ICMP messages.
    If the percentage is exceeded, older ICMP IP sessions will be replaced by new sessions as they are initiated.

Max Single Host Connection
    Sets the percentage of concurrent IP sessions that can originate from a single computer. This percentage should take into account the number of hosts on the LAN.

Log Destination
    Specifies how attempted violations of the firewall settings will be tracked. Records of such events can be sent via Ethernet to be handled by a system utility (Trace) or can be e-mailed to specified administrators.
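The five Attack Protection checks listed above can be expressed as tests on packet header fields. The following is an added example, not code from the product or this guide: it classifies constructed packet records against those definitions. The LAN and WAN subnets, the record layout and the names make_pkt, classify and run_samples are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing for this example (not from the guide).
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN = ipaddress.ip_network("203.0.113.0/24")
IP_HEADER, MAX_IP_LEN = 20, 65535  # bytes; 65535 is the largest legal IPv4 datagram

def make_pkt(iface, src, dst, ident=0, frag_off=0, payload_len=64, more_frags=False):
    return dict(iface=iface, src=src, dst=dst, ident=ident, frag_off=frag_off,
                payload_len=payload_len, more_frags=more_frags)

def classify(pkt, seen_fragments):
    """Return the Attack Protection checks that a packet record trips."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    hits = []
    # IP Spoofing: internal LAN source address arriving on the WAN interface.
    if pkt["iface"] == "wan" and src in LAN:
        hits.append("IP Spoofing")
    # Smurf and Fraggle: WAN or LAN broadcast address used as the source.
    if src in (LAN.broadcast_address, WAN.broadcast_address):
        hits.append("Smurf and Fraggle")
    # Land Attack: same address as source and destination.
    if src == dst:
        hits.append("Land Attack")
    start, end = pkt["frag_off"], pkt["frag_off"] + pkt["payload_len"]
    # Ping of Death: the data would end beyond the maximum legal packet length.
    if IP_HEADER + end > MAX_IP_LEN:
        hits.append("Ping of Death")
    # Tear Drop: a fragment overlapping one already seen for the same datagram.
    if pkt["frag_off"] or pkt["more_frags"]:
        ranges = seen_fragments.setdefault((pkt["src"], pkt["dst"], pkt["ident"]), [])
        if any(start < e and s < end for s, e in ranges):
            hits.append("Tear Drop")
        ranges.append((start, end))
    return hits

def run_samples():
    """Classify a constructed packet sequence; returns one result list per packet."""
    samples = [
        make_pkt("wan", "198.51.100.7", "203.0.113.5"),                  # ordinary traffic
        make_pkt("wan", "192.168.1.10", "203.0.113.5"),                  # LAN source on WAN
        make_pkt("lan", "192.168.1.255", "192.168.1.20"),                # broadcast source
        make_pkt("wan", "203.0.113.5", "203.0.113.5"),                   # source == destination
        make_pkt("wan", "198.51.100.7", "203.0.113.5", 7, 0, 36, True),  # first fragment
        make_pkt("wan", "198.51.100.7", "203.0.113.5", 7, 24, 8),        # overlaps bytes 24-31
        make_pkt("wan", "198.51.100.7", "203.0.113.5", 9, 65528, 100),   # ends past 65535
    ]
    seen = {}
    return [classify(p, seen) for p in samples]
```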