Motorola Solutions AP-6511 Access Point System Reference Guide
8-6
11. Refer to the
TCP Protocol Checks
field to set the following parameters:
12. Select
OK
to update the Firewall Policy Advanced Settings. Select
Reset
to revert to the last saved
configuration.
8.1.2 Configuring IP Firewall Rules
Wireless Firewall
Devices use IP based Firewalls like
Access Control Lists
(ACLs) to filter/mark packets based on the IP from
which they arrive, as opposed to filtering packets on Layer 2 ports.
Stateless TCP Flow
Define a flow timeout value in either
Seconds
(1 - 32,400),
Minutes
(1 - 540) or
Hours
(1 - 9). The default setting is 90 seconds.
Stateless FIN/RESET
Flow
Define a flow timeout value in either
Seconds
(1 - 32,400),
Minutes
(1 - 540) or
Hours
(1 - 9). The default setting is 10 seconds.
ICMP
Define a flow timeout value in either
Seconds
(1 - 32,400),
Minutes
(1 - 540) or
Hours
(1 - 9). The default setting is 30 seconds.
UDP
Define a flow timeout value in either
Seconds
(1 - 32,400),
Minutes
(1 - 540) or
Hours
(1 - 9). The default setting is 90 seconds.
Any Other Flow
Define a flow timeout value in either
Seconds
(1 - 32,400),
Minutes
(1 - 540) or
Hours
(1 - 9). The default setting is 5 seconds.
Check TCP states
where a SYN packet
tears down the flow
Select the radio button to allow a SYN packet to delete an old flow in
TCP_FIN_FIN_STATE and TCP_CLOSED_STATE and create a new flow. The
default setting is enabled.
Check unnecessary
resends of TCP
packets
Select the radio button to enable the checking of unnecessary resends of
TCP packets. The default setting is enabled.
Check Sequence
Number in ICMP
Unreachable error
packets
Select the radio button to enable sequence number checks in ICMP
unreachable error packets when an established TCP flow is aborted.The
default setting is enabled.
Check
Acknowledgment
Number in RST
packets
Select the radio button to enable the checking of the acknowledgment
number in RST packets which aborts a TCP flow in the SYN state. The
default setting is enabled.
Check Sequence
Number in RST
packets
Select the radio button to check the sequence number in RST packets
which abort an established TCP flow. The default setting is enabled.
Summary of Contents for AP-6511
Page 1: ...Motorola Solutions AP 6511 Access Point System Reference Guide ...
Page 2: ...Motorola Solutions AP 6511 Access Point System Reference Guide 1 2 ...
Page 24: ...Motorola Solutions AP 6511 Access Point System Reference Guide 2 12 ...
Page 318: ...Motorola Solutions AP 6511 Access Point System Reference Guide 10 16 ...
Page 409: ...Statistics 13 49 Figure 13 31 Access Point Firewall Packet Flow screen ...
Page 433: ......