CONFIGURING THE ADSL ROUTER
• Connection Policy
Enter the appropriate values for TCP/UDP sessions as described in the
following table.

| Parameter | Defaults | Description |
|---|---|---|
| Fragmentation half-open wait | 10 sec | Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet. |
| TCP SYN wait | 30 sec | Defines how long the software will wait for a TCP session to synchronize before dropping the session. |
| TCP FIN wait | 5 sec | Specifies how long a TCP session will be maintained after the firewall detects a FIN packet. |
| TCP connection idle timeout | 3600 sec (1 hour) | The length of time for which a TCP session will be managed if there is no activity. |
| UDP session idle timeout | 30 sec | The length of time for which a UDP session will be managed if there is no activity. |
| H.323 data channel idle timeout | 180 sec | The length of time for which an H.323 session will be managed if there is no activity. |

Downloaded from
www.Manualslib.com
manuals search engine
ADVANCED SETUP
• DoS Criteria and Port Scan Criteria
Set up DoS and port scan criteria in the spaces provided (as shown below).
Note: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network.

| Parameter | Defaults | Description |
|---|---|---|
| Total incomplete TCP/UDP sessions HIGH | 300 sessions | Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions. |
| Total incomplete TCP/UDP sessions LOW | 250 sessions | Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions. |
| Incomplete TCP/UDP sessions (per min) HIGH | 250 sessions | Maximum number of allowed incomplete TCP/UDP sessions per minute. |
| Incomplete TCP/UDP sessions (per min) LOW | 200 sessions | Minimum number of allowed incomplete TCP/UDP sessions per minute. |
| Maximum incomplete TCP/UDP sessions number from same host | 10 | Maximum number of incomplete TCP/UDP sessions from the same host. |
| Incomplete TCP/UDP sessions detect sensitive time period | 300 msec | Length of time before an incomplete TCP/UDP session is detected as incomplete. |
| Maximum half-open fragmentation packet number from same host | 30 | Maximum number of half-open fragmentation packets from the same host. |
| Half-open fragmentation detect sensitive time period | 10000 msec | Length of time before a half-open fragmentation session is detected as half-open. |
| Flooding cracker block time | 300 sec | Length of time from detecting a flood attack to blocking the attack. |

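The HIGH and LOW values in the first two rows work as a pair of watermarks. The sketch below is an added example, not code from the manual or the router's firmware; it assumes the thresholds count sessions that are currently incomplete, that deletion starts once the count exceeds HIGH, and that the oldest sessions are deleted first (HalfOpenTable and simulate are hypothetical names).

```python
# Added illustration: a generic high/low watermark model, not router firmware.
from collections import deque

HIGH = 300  # "Total incomplete TCP/UDP sessions HIGH" default from the table
LOW = 250   # "Total incomplete TCP/UDP sessions LOW" default from the table


class HalfOpenTable:
    """Tracks incomplete sessions and prunes the oldest ones with hysteresis."""

    def __init__(self, high=HIGH, low=LOW):
        if not 0 <= low < high:
            raise ValueError("LOW must be below HIGH, or pruning never settles")
        self.high, self.low = high, low
        self.sessions = deque()  # oldest incomplete session on the left
        self.pruning = False
        self.dropped = 0

    def open_session(self, session_id):
        """Record a new incomplete session, then apply the two watermarks."""
        self.sessions.append(session_id)
        if len(self.sessions) > self.high:  # assumption: trigger above HIGH
            self.pruning = True
        while self.pruning:
            if len(self.sessions) <= self.low:
                self.pruning = False  # back at LOW: stop deleting
            else:
                self.sessions.popleft()  # delete the oldest half-open session
                self.dropped += 1

    def complete(self, session_id):
        """A session that finishes its handshake leaves the table."""
        if session_id in self.sessions:
            self.sessions.remove(session_id)


def simulate(burst, high=HIGH, low=LOW):
    """Open `burst` sessions that never complete; return (remaining, dropped)."""
    table = HalfOpenTable(high, low)
    for session_id in range(burst):
        table.open_session(session_id)
    return len(table.sessions), table.dropped


if __name__ == "__main__":
    for burst in (300, 301, 400):  # constructed burst sizes
        print(burst, simulate(burst))
```

The gap between the two values is what keeps the table from flapping: with LOW set equal to or above HIGH the constructor rejects the pair.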
DMZ
If you have a client PC that cannot run an Internet application properly
from behind the firewall, you can open the client up to unrestricted
two-way Internet access. Enter the IP address of a DMZ (Demilitarized
Zone) host on this screen. Adding a client to the DMZ may expose your
local network to a variety of security risks, so only use this option as a last
resort.
SNMP
Use the SNMP configuration screen to display and modify parameters for
the Simple Network Management Protocol (SNMP).
Community
A computer attached to the network, called a Network Management
Station (NMS), can be used to access this information. Access rights to the
agent are controlled by community strings. To communicate with the
ADSL Router, the NMS must first submit a valid community string for
authentication.
Note: Up to five community names may be entered.

| Parameter | Description |
|---|---|
| Community | A community name authorized for management access. |
| Access | Management access is restricted to Read Only (Read) or Read/Write (Write). |
| Valid | Enables/disables the entry. |

Trap
Specify the IP address of the NMS to notify when a significant event is
detected by the agent. When a trap condition occurs, the SNMP agent
sends an SNMP trap message to any NMS specified as a trap receiver.

| Parameter | Description |
|---|---|
| IP Address | Traps are sent to this address when errors or specific events occur on the network. |
| Community | A community string (password) specified for trap management. Enter a word, something other than public or private, to prevent unauthorized individuals from accessing information on your system. |
| Version | Sets the trap status to disabled, or enabled with V1 or V2c. The v2c protocol was proposed in late 1995 and includes enhancements to v1 that are universally accepted. These include a get-bulk command to reduce network management traffic when retrieving a sequence of MIB variables, and a more elaborate set of error codes for improved reporting to a Network Management Station. |