Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsPC ComponentsNetgear FVS338
71727374757677787980
ProSafe VPN Firewall 50 FVS338 Reference Manual
Firewall Protection and Content Filtering 4-17
v1.0, January 2010
When blocking is enabled,, the VPN firewall will drop all invalid TCP packets and will be
protected from a SYN flood attack.
LAN Security Checks.
A UDP flood is a form of denial of service attack that can be initiated when one machine
sends a large number of UDP packets to random ports on a remote host. As a result, the
distant host will (1) check for the application listening at that port, (2) verify that no
application is listening at that port, and then (3) reply with an ICMP Destination
Unreachable packet.
When the victimized system is flooded, it is forced to send many ICMP packets,
eventually making it unreachable by other clients. The attacker may also spoof the IP
address of the UDP packets, ensuring that the excessive ICMP return packets do not reach
him, thus making the attackers network location anonymous.
If enabled, the VPN firewall will not accept more than 20 simultaneous, active UDP
connections from a single computer on the LAN.
Disable Ping Reply on LAN Ports. To prevent the VPN firewall from responding to Ping
requests from the LAN, click this checkbox.
VPN Pass through. When the VPN firewall is in NAT mode, all packets going to the remote
VPN gateway are first filtered through NAT and then encrypted per the VPN policy.
For example, if a VPN Client or Gateway on the LAN side of this VPN firewall wants to
connect to another VPN endpoint on the WAN (placing this VPN firewall between two VPN
end points), encrypted packets will be sent to this VPN firewall. Since this VPN firewall filters
the encrypted packets through NAT, the packets will become invalid unless VPN Pass through
is enabled.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through the
VPN firewall. To allow the VPN traffic to pass through without filtering, enable those options
for the type of tunnel(s) that will pass through the VPN firewall. By default, IPSec, PPTP, and
L2TP are selected.
Configuring Session Limits
To prevent one user or group from using excessive system resources, you can limit the total
number of IP sessions allowed through the VPN firewall for an individual or group. You can
specify the maximum number of sessions by either a percentage of maximum sessions or an
absolute number of maximum sessions. Session limiting is disabled by default.