freeGuard 100 CLI User Manual
81
anomaly command keywords and variables
Keywords &
variables
Description
Default
action
{clear_session | drop
| drop_session |
pass | pass_session
| reset| reset_client |
reset_server}
Select an action for the FreeGuard 100 to take when traffic
triggers this anomaly.
clear_session
•
The freeGuard 100 drops the packet that triggeredthe
anomaly, removes the session from the freeGuard 100
session table, and does not send a reset.
Drop
•
The freeGuard 100 drops the packet that triggeredthe
anomaly. freedom9 recommends using an action other than
drop for TCP connection based attacks.
drop_session
•
The freeGuard 100 drops the packet that triggeredthe
anomaly and drops any other packets in the same session.
pass
•
The freeGuard 100 lets the packet that triggered
theanomaly pass through the firewall. If logging isdisabled
and action is set to Pass, the anomaly is effectively disabled.
pass_session
•
The freeGuard 100 lets the packet that triggered
theanomaly and all other packets in the session pass
through the firewall.
reset
•
The freeGuard 100 drops the packet that triggeredthe
anomaly, sends a reset to both the client and the server, and
removes the session from the freeGuard 100 session table.
Used for TCP connections only. If you set this action for non-
TCP connection based attacks, the action behaves as
clear_session. If the Reset action is triggered before the
TCP connection is fully established it acts as
clear_session
.
reset_client
•
The freeGuard 100 drops the packet that triggeredthe
anomaly, sends a reset to the client, and removes the
session from the freeGuard 100 session table. Used for TCP
connections only. If you set this action for non-TCP
connection based attacks, the action behaves as
clear_session
. If the reset_client action is triggered before
the TCP connection is fully established it acts as
clear_session
.
reset_server
Varies.
Summary of Contents for freeGuard 100
Page 1: ...freeGuard 100 UTM Firewall CLI USER S MANUAL P N F0025000 Rev 1 1...
Page 3: ......
Page 7: ......
Page 87: ...80 The config ips anomaly command has 1 subcommand config limit...
Page 183: ...176...