User guide
Stateful Inspection
Stateful inspection options are accessed by the security state-insp tag.
Stateful inspection is a security feature that prevents unsolicited inbound access when
NAT is disabled. The Netopia Gateway monitors and maintains the state of any network
transaction. In terms of network request-and-reply, state consists of the source IP address,
destination IP address, communication ports, and data sequence. The Netopia Gateway
processes the stream of a network conversation, rather than just individual packets. It verifies
that packets are sent from and received by the proper IP addresses along the proper
communication ports in the correct order and that no imposter packets interrupt the
packet flow. Packet filtering monitors only the ports involved, while the Netopia Gateway
analyzes the continuous conversation stream, preventing session hijacking and denial of
service attacks.
You can configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if
stateful inspection is enabled on the interface.
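
The following sketch is an added example, not Netopia code or configuration. It models the state tracking described above: inbound packets are admitted only when they reverse a recorded outbound request, continue the TCP sequence, and arrive within the no-activity period. The class and function names, the idle limits and the sample packets are assumptions made for illustration.

```python
# Added illustration of the state tracking described above; not Netopia firmware.
# Idle limits in seconds are constructed values, not the gateway's defaults.
IDLE_LIMIT = {"tcp": 300.0, "udp": 60.0}


class StateTable:
    def __init__(self, idle_limit=IDLE_LIMIT):
        self.idle_limit = idle_limit
        self.flows = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> state

    def outbound(self, proto, src, sport, dst, dport, now):
        """Record a LAN-initiated request so that its reply can be admitted."""
        self.flows[(proto, src, sport, dst, dport)] = {"next_seq": None, "last_seen": now}

    def inbound(self, proto, src, sport, dst, dport, now, seq=None, length=0):
        """Return (allowed, reason) for a packet arriving on the protected interface."""
        key = (proto, dst, dport, src, sport)  # a reply reverses the outbound tuple
        flow = self.flows.get(key)
        if flow is None:
            return False, "unsolicited"
        if now - flow["last_seen"] > self.idle_limit[proto]:
            del self.flows[key]  # no-activity period exceeded: forget the flow
            return False, "expired"
        if proto == "tcp":
            # Simplification: learn the peer's sequence number from its first
            # segment, then require each later segment to continue from it.
            if flow["next_seq"] is not None and seq != flow["next_seq"]:
                return False, "out-of-sequence"
            flow["next_seq"] = (seq + length) & 0xFFFFFFFF
        flow["last_seen"] = now
        return True, "established"


def demo():
    """Run constructed packets (documentation addresses) through the table."""
    t = StateTable()
    lan, web, rogue = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    t.outbound("tcp", lan, 40000, web, 80, now=0)
    t.outbound("udp", lan, 5353, web, 53, now=0)
    return [
        t.inbound("tcp", web, 80, lan, 40000, now=1, seq=1000, length=100),
        t.inbound("tcp", rogue, 80, lan, 40000, now=2, seq=1100, length=10),
        t.inbound("tcp", web, 80, lan, 40000, now=3, seq=5000, length=10),
        t.inbound("tcp", web, 80, lan, 40000, now=4, seq=1100, length=10),
        t.inbound("tcp", web, 80, lan, 40000, now=400, seq=1110, length=10),
        t.inbound("udp", web, 53, lan, 5353, now=61, length=0),
    ]
```

A filter that looked only at ports would pass the second and third packets, since both target the open port pair; the state table rejects them on source address and sequence.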
☛ NOTE:
If Stateful Inspection is enabled on a WAN interface, 'Default Mapping to
Router' must be enabled to allow inbound VPN terminations to the router.
set security state-insp [ ip-ppp | dsl ] vcc n option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]
Turns the stateful inspection option off or on for the specified interface. This option is
disabled by default. Stateful inspection prevents unsolicited inbound access when NAT is
disabled.
set security state-insp [ ip-ppp | dsl ] vcc n default-mapping [ off | on ]
set security state-insp ethernet [ A | B ] default-mapping [ off | on ]
Turns the stateful inspection 'Default Mapping to Router' option off or on for the specified
interface.










