Security
• UDP no-activity time-out: The time in seconds after which a UDP session will be terminated, if there is no traffic on the session.
• TCP no-activity time-out: The time in seconds after which a TCP session will be terminated, if there is no traffic on the session.
• Exposed Addresses: The hosts specified in Exposed Addresses will be allowed to receive inbound traffic even if there is no corresponding outbound traffic. This is active only if NAT is disabled on a WAN interface.
• Stateful Inspection Options: Enable and configure stateful inspection on a WAN interface.
Exposed Addresses
You can specify the IP addresses you want to expose by clicking the Exposed addresses link.
 
                 
                                
                    
The Add, Edit, and Delete options for exposed addresses are active only if NAT is disabled on a WAN interface. The hosts specified in exposed addresses will be allowed to receive inbound traffic even if there is no corresponding outbound traffic.
• Start Address: Start IP Address of the exposed host range.
• End Address: End IP Address of the exposed host range.
• Protocol: Select the Protocol of the traffic to be allowed to the host range from the pull-down menu. Options are Any, TCP, UDP, or TCP/UDP.
• Start Port: Start port of the range to be allowed to the host range. The acceptable range is from 1 - 65535.
• End Port: End port of the range to be allowed to the host range. The acceptable range is from 1 - 65535.
You can add more exposed addresses by clicking the Add more Exposed Addresses link. A list of previously configured exposed addresses appears.
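An offline sanity check for a planned list of exposed-address entries, added here as an example and not taken from the manual or the Gateway's firmware: it uses the fields and ranges described above to flag invalid or overly broad entries and to test whether an unsolicited inbound packet would match one. The class, function names and sample entries are hypothetical, and treating Any as matching regardless of port is an assumption.

```python
import ipaddress
from dataclasses import dataclass

PROTOCOLS = ("Any", "TCP", "UDP", "TCP/UDP")  # pull-down options listed above

@dataclass(frozen=True)
class ExposedRange:
    """One exposed-addresses entry; class and field names are hypothetical."""
    start_address: str
    end_address: str
    protocol: str
    start_port: int = 1
    end_port: int = 65535

    def bounds(self):
        return (ipaddress.ip_address(self.start_address),
                ipaddress.ip_address(self.end_address))

    def problems(self):
        """Reasons the entry is invalid or exposes more than it needs to."""
        found = []
        lo, hi = self.bounds()
        if lo > hi:
            found.append("start address is above end address")
        if self.protocol not in PROTOCOLS:
            found.append("unknown protocol")
        if not 1 <= self.start_port <= self.end_port <= 65535:
            found.append("ports must satisfy 1 <= start <= end <= 65535")
        elif (self.start_port, self.end_port) == (1, 65535):
            found.append("every port is exposed")
        if self.protocol == "Any":
            found.append("every protocol is exposed")
        return found

    def admits(self, dst_ip, proto, dst_port=None):
        """True if unsolicited inbound traffic to dst_ip matches this entry."""
        lo, hi = self.bounds()
        if not lo <= ipaddress.ip_address(dst_ip) <= hi:
            return False
        if self.protocol == "Any":  # assumption: Any also covers portless protocols
            return True
        return (proto in self.protocol.split("/") and dst_port is not None
                and self.start_port <= dst_port <= self.end_port)

# Constructed sample entries using documentation addresses, not from the manual.
RULES = [ExposedRange("192.0.2.10", "192.0.2.10", "TCP", 443, 443),
         ExposedRange("192.0.2.20", "192.0.2.30", "Any")]

def audit(rules):
    return {i: r.problems() for i, r in enumerate(rules) if r.problems()}
```

Calling audit(RULES) reports only the second entry, which is the kind of range worth narrowing before NAT is disabled on the WAN interface.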
 
                 
                                
                    
Click the Add button to add a new range of exposed addresses.
You can edit a previously configured range by clicking the Edit button, or delete the entry entirely by clicking the Delete button.
All configuration changes will trigger the Alert Icon.
Click on the Alert icon.
This allows you to validate the configuration and reboot the Gateway.
Click the Save and Restart link. You will be asked to confirm your choice, and the Gateway will reboot with the new configuration.
 
                 
                                
                    
Stateful Inspection Options
Stateful Inspection Parameters are active on a WAN interface only if you enable them on 
your Gateway.
• Stateful Inspection: To enable stateful inspection on this WAN interface, check the checkbox.
• Default Mapping to Router: This is disabled by default. This option will allow the router to respond to traffic received on this interface, for example, ICMP Echo requests.
☛ NOTE: If Stateful Inspection is enabled on a WAN interface, Default Mapping to Router must be enabled to allow inbound VPN terminations to the router.
• TCP Sequence Number Difference: Enter a value in this field. This value represents the maximum sequence number difference allowed between subsequent TCP packets. If this number is exceeded, the packet is dropped. The acceptable range is 0 – 65535. A value of 0 (zero) disables this check.
• Deny Fragments: To enable this option, which causes the router to discard fragmented packets on this interface, check the checkbox.
 
                 
                                
                    
Open Ports in Default Stateful Inspection Installation

Port  Protocol  Description  LAN (Private) Interface  WAN (Public) Interface
23    TCP       telnet       Yes                      No
53    UDP       DNS          Yes                      No
67    UDP       Bootps       Yes                      No
68    UDP       Bootpc       Yes                      No
80    TCP       HTTP         Yes                      No
137   UDP       Netbios-ns   Yes                      No
138   UDP       Netbios-dgm  Yes                      No
161   UDP       SNMP         Yes                      No
500   UDP       ISAKMP       Yes                      No
520   UDP       Router       Yes                      No