Specifications
157
Stateful Inspection Options
Stateful Inspection Parameters are active on a WAN interface only if you enable them on your Gateway.
• Stateful Inspection: To enable stateful inspection on this WAN interface, check the checkbox.
• Default Mapping to Router: This is disabled by default. This option will allow the router to respond to
traffic received on this interface, for example, ICMP Echo requests.
☛ NOTE:
If Stateful Inspection is enabled on a WAN interface Default Mapping to Router must be
enabled to allow inbound VPN terminations to the router.
• TCP Sequence Number Difference: Enter a value in this field. This value represents the maximum
sequence number difference allowed between subsequent TCP packets. If this number is exceeded, the
packet is dropped. The acceptable range is 0 – 65535. A value of 0 (zero) disables this check.
• Deny Fragments: To enable this option, which causes the router to discard fragmented packets on this
interface, check the checkbox.
Open Ports in Default Stateful Inspection Installation
Port Protocol Description
LAN (Private)
Interface
WAN (Public)
Interface
23 TCP telnet Yes No
53 UDP DNS Yes No
67 UDP Bootps Yes No
68 UDP Bootpc Yes No
80 TCP HTTP Yes No
137 UDP Netbios-ns Yes No
138 UDP Netbios-dgm Yes No
161 UDP SNMP Yes No
500 UDP ISAKMP Yes No
520 UDP Router Yes No