User Manual Part 2

Table Of Contents
SmartDefense Categories
Chapter 14: Using SmartDefense 437
TCP
This category allows you to configure various protections related to the TCP protocol. It
includes the following:
Flags on page 443
Sequence Ve
rifier on page 442
Small PMTU on page 438
Strict TCP on page 437
SynDefender on page 440
Strict TCP
Out-of-state TCP packets are SYN-ACK or data packets that arrive out of order, before the
TCP SYN packet.
Note: In normal conditions, out-of-state TCP packets can occur after the
Safe@Office restarts, since connections which were established prior to the reboot
are unknown. This is normal and does not indicate an attack.
Note: Certain SmartDefense protections implicitly apply the Strict TCP protection to
relevant connections. In such cases, "TCP Out-of-State" log messages may appear
in the Security Log, even though the Strict TCP protection is disabled.
You can configure how out-of-state TCP packets should be handled.