Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsNetworkingSRXN3205
919293949596979899100
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
5-16 Firewall Security and Content Filtering
v1.0, January 2010
Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker
sends a succession of SYN requests to a target system. When the system responds, the
attacker does not complete the connection, thus saturating the server with half-open
connections. No legitimate connections can then be made.
When blocking is enabled, the VPN firewall will limit the lifetime of partial connections
and will be protected from a SYN flood attack.
LAN Security Checks
Block UDP flood. A UDP flood is a form of denial of service attack that can be initiated
when one machine sends a large number of UDP packets to random ports on a remote
host. As a result, the distant host will (1) check for the application listening at that port, (2)
see that no application is listening at that port, and (3) reply with an ICMP Destination
Unreachable packet.
When the victimized system is flooded, it is forced to send many ICMP packets,
eventually making it unreachable by other clients. The attacker may also spoof the IP
address of the UDP packets, ensuring that the excessive ICMP return packets do not reach
him, thus making the attackers network location anonymous.
If flood checking is enabled, the VPN firewall will not accept more than 20 simultaneous,
active UDP connections from a single computer on the LAN.
Disable Ping Reply on LAN Ports. To prevent the VPN firewall from responding to Ping
requests from the LAN, click this checkbox.
VPN Pass through. When the VPN firewall is in NAT mode, all packets going to the remote
VPN gateway are first filtered through NAT and then encrypted per the VPN policy.
For example, if a VPN Client or Gateway on the LAN side of this VPN firewall wants to
connect to another VPN endpoint on the WAN (placing this VPN firewall between two VPN
end points), encrypted packets are sent to this VPN firewall. Since this VPN firewall filters the
encrypted packets through NAT, the packets become invalid unless VPN pass through is
enabled.
IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through the
VPN firewall. To allow the VPN traffic to pass through without filtering, enable those options
for the type of tunnel(s) that will pass through the VPN firewall. By default, IPSec, PPTP, and
L2TP are selected.