Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsPC ComponentsNetgear FVS336Gv1
71727374757677787980
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Firewall Protection and Content Filtering 4-17
v1.0, January 2010
LAN Security Checks.
Block UDP flood. A UDP flood is a form of denial of service attack in which the
attacking machine sends a large number of UDP packets to random ports to the victim
host. As a result, the victim host will check for the application listening at that port, see
that no application is listening at that port, and reply with an ICMP Destination
Unreachable packet.
When the victimized system is flooded, it is forced to send many ICMP packets,
eventually making it unreachable by other clients. The attacker may also spoof the IP
address of the UDP packets, ensuring that the excessive ICMP return packets do not reach
him, making the attacker’s network location anonymous.
If flood checking is enabled, the VPN firewall will not accept more than 20 simultaneous,
active UDP connections from a single computer on the LAN.
Disable Ping Reply on LAN Ports. To prevent the VPN firewall from responding to ping
requests from the LAN, click this checkbox.
VPN Pass through. When the VPN firewall is in NAT mode, all packets going to the Remote
VPN Gateway are first filtered through NAT and then encrypted per the VPN policy.
If a VPN client or gateway on the LAN side of the VPN firewall wants to connect to another
VPN endpoint on the WAN, with the VPN firewall between the two VPN end points, all
encrypted packets will be sent to the VPN firewall. Since the VPN firewall filters the
encrypted packets through NAT, the packets become invalid.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through the
VPN firewall. To allow the VPN traffic to pass through without filtering, enable those options
for the type of tunnel(s) that will pass through the VPN firewall.
Configuring Session Limits
To prevent one user or group from using excessive system resources, you can limit the total
number of IP sessions allowed through the VPN firewall for an individual or group. You can
specify the maximum number of sessions by either a percentage of maximum sessions or an
absolute number of maximum sessions. Session limiting is disabled by default.