Maximum Connection Sessions
The service associated with an ALG has a configurable parameter called Max Sessions, and the
default value varies according to the type of ALG. For instance, the default value
for the HTTP ALG is 1000. This means that 1000 connections are allowed in total for the HTTP
service across all interfaces. The full list of default maximum session values is:
• HTTP ALG - 1000 sessions.
• FTP ALG - 200 sessions.
• TFTP ALG - 200 sessions.
• SMTP ALG - 200 sessions.
• POP3 ALG - 200 sessions.
• H.323 ALG - 100 sessions.
• SIP ALG - 200 sessions.
Tip: Maximum sessions for HTTP can sometimes be too low
The default value of maximum sessions can often be too low for HTTP if there is a
large number of clients connecting through the NetDefend Firewall, and it is therefore
recommended to consider using a higher value in such circumstances.
6.2.2. The HTTP ALG
Hyper Text Transfer Protocol (HTTP) is the primary protocol used to access the World Wide Web
(WWW). It is a connectionless, stateless, application layer protocol based on a request/response
architecture. A client, such as a Web browser, sends a request by establishing a TCP/IP connection
to a known port (usually port 80) on a remote server. The server answers with a response string,
followed by a message of its own. That message might be, for example, an HTML file to be shown
in the Web browser or an ActiveX component to be executed on the client, or perhaps an error
message.
The HTTP protocol has particular issues associated with it because of the wide variety of web sites
that exist and because of the range of file types that can be downloaded using the protocol.
HTTP ALG Features
The HTTP ALG is an extensive NetDefendOS subsystem consisting of the options described below:
• Static Content Filtering - This deals with Blacklisting and Whitelisting of specific URLs.
  1. URL Blacklisting
     Specific URLs can be blacklisted so that they are not accessible. Wildcarding can be used
     when specifying URLs, as described below.
  2. URL Whitelisting
     The opposite to blacklisting, this makes sure certain URLs are always allowed.
     Wildcarding can also be used for these URLs, as described below.
     It is important to note that whitelisting a URL means that it cannot be blacklisted and it also
     cannot be dropped by web content filtering (if that is enabled, although it will be logged).
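The precedence described above (whitelist first, then blacklist, then web content filtering) can be modelled as follows. This is an added example, not NetDefendOS code: the function names, the sample lists and the assumption that "*" matches any run of characters are illustrative, and the log note is modelled as appearing only when content filtering would have dropped the URL.

```python
import re

# Constructed sample lists; the patterns are illustrative, not from the manual.
WHITELIST = ["www.example.com/downloads/*"]
BLACKLIST = ["*.exe", "ads.example.net/*"]


def wildcard_match(pattern, url):
    """Assumed semantics: '*' matches any run of characters, all else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url) is not None


def matches_any(patterns, url):
    return any(wildcard_match(p, url) for p in patterns)


def evaluate(url, wcf_would_drop=False, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Return (action, log_note) using the precedence the section describes."""
    if matches_any(whitelist, url):
        # Whitelisted: cannot be blacklisted or dropped by web content
        # filtering, but a content-filtering hit is still logged.
        note = "wcf-hit-logged" if wcf_would_drop else None
        return ("allow", note)
    if matches_any(blacklist, url):
        return ("block", "blacklist")
    if wcf_would_drop:
        return ("block", "wcf")
    return ("allow", None)


def shadowed(urls, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Audit helper: URLs a blacklist entry targets but a whitelist entry lets through."""
    return [u for u in urls
            if matches_any(whitelist, u) and matches_any(blacklist, u)]
```

Running shadowed() over a sample of URLs before widening a whitelist wildcard shows which blacklist entries the new pattern would silently override.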
Chapter 6. Security Mechanisms