ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
5-22
Firewall Protection
v1.0, September 2009
4. Click Apply to save your settings.
LAN Security Checks.
Block UDP flood
Select the Block UDP flood checkbox to prevent the UTM from accepting more than 20 simultaneous, active UDP connections from a single device on the LAN. By default, the Block UDP flood checkbox is deselected.
A UDP flood is a form of denial-of-service attack in which one device sends a large number of UDP packets to random ports on a remote host. For each such packet, the remote host does the following:
1. Checks for an application listening on that port.
2. Finds that no application is listening on that port.
3. Replies with an ICMP Destination Unreachable (Port Unreachable) packet.
When the victimized system is flooded, it is forced to generate many ICMP packets and can eventually become unreachable by legitimate clients. The attacker might also spoof the source IP address of the UDP packets, so that the excessive ICMP replies are sent to the spoofed address (itself a third party) rather than back to the attacker, hiding the attacker's network location.
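The per-device limit described above, as an added worked example that is not part of the NETGEAR manual and not the UTM's own implementation: a small Python model of a flow tracker that forwards packets belonging to existing UDP flows but refuses a new flow once a LAN host already has 20 active ones. The 20-flow threshold is the manual's; the 30-second idle timeout, the addresses and the two traffic patterns are constructed assumptions, since the manual does not say how the UTM decides that a UDP "connection" has ended.

```python
"""Per-source cap on active UDP flows, in the spirit of the UTM's
"Block UDP flood" check. Added example, not NETGEAR code. The 20-flow
threshold comes from the manual; the idle timeout is an assumption."""
from collections import defaultdict
from typing import NamedTuple

UDP_FLOW_LIMIT = 20       # "more than 20 simultaneous, active UDP connections"
UDP_IDLE_TIMEOUT = 30.0   # assumed: seconds of silence before a flow is forgotten


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class UdpFloodGuard:
    """Tracks active UDP flows per LAN source and refuses new ones past the cap."""

    def __init__(self, limit=UDP_FLOW_LIMIT, idle_timeout=UDP_IDLE_TIMEOUT):
        self.limit = limit
        self.idle_timeout = idle_timeout
        self.last_seen = {}                  # Flow -> time of last packet
        self.drops = defaultdict(int)        # src -> packets refused

    def _expire(self, now):
        """Forget flows idle longer than the timeout (UDP has no FIN to watch)."""
        for flow in [f for f, t in self.last_seen.items() if now - t > self.idle_timeout]:
            del self.last_seen[flow]

    def active_flows(self, src):
        return sum(1 for f in self.last_seen if f.src == src)

    def admit(self, flow, now):
        """Return True to forward the packet, False to drop it."""
        self._expire(now)
        if flow in self.last_seen:           # packet on a known flow: always forwarded
            self.last_seen[flow] = now
            return True
        if self.active_flows(flow.src) >= self.limit:
            self.drops[flow.src] += 1        # would be the 21st concurrent flow
            return False
        self.last_seen[flow] = now
        return True


def simulate_flood(guard, src="192.168.1.50", dst="203.0.113.10", packets=100):
    """Constructed traffic: one LAN host sprays UDP at distinct ports on a
    remote host, 10 ms apart, the pattern the manual describes.
    Returns (forwarded, dropped)."""
    forwarded = dropped = 0
    for i in range(packets):
        flow = Flow(src, 40000 + i, dst, 1024 + i)
        if guard.admit(flow, now=i * 0.01):
            forwarded += 1
        else:
            dropped += 1
    return forwarded, dropped


def simulate_dns_client(guard, src="192.168.1.51", dns="192.168.1.1", queries=100):
    """Constructed traffic: a normal host resolving names from one ephemeral
    port every half second; it stays on a single flow and is never dropped.
    Returns the number of forwarded packets."""
    flow = Flow(src, 53000, dns, 53)
    return sum(guard.admit(flow, now=i * 0.5) for i in range(queries))


if __name__ == "__main__":
    guard = UdpFloodGuard()
    print("flood host forwarded/dropped:", simulate_flood(guard))
    print("dns client forwarded:", simulate_dns_client(guard))
```

Run stand-alone, the flooding host gets its first 20 flows through and the remaining 80 packets dropped, while the DNS client on the same gateway is untouched. Two design points carry over to any such check: the cap is per source, so one noisy host cannot starve the rest of the LAN, and packets on already-admitted flows are never dropped, so the limit only ever stops new connection attempts.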
Disable Ping Reply on LAN Ports
Select the Disable Ping Reply on LAN Ports checkbox to prevent the UTM from responding to a ping on a LAN port. A ping can be used as a diagnostic tool. Keep this checkbox deselected unless you have a specific reason to prevent the UTM from responding to a ping on a LAN port.
VPN Pass through (IPSec, PPTP, L2TP)
When the UTM functions in NAT mode, all packets going to the remote VPN gateway are first passed through NAT and then encrypted per the VPN policy. For example, if a VPN client or gateway on the LAN side of the UTM wants to connect to another VPN endpoint on the WAN side (placing the UTM between two VPN endpoints), the already-encrypted packets are sent through the UTM. Because the UTM translates these encrypted packets through NAT, they become invalid unless you enable the VPN Pass through feature. The underlying reason is that IPsec ESP and the GRE data channel used by PPTP carry no port numbers, so a port-based NAT has nothing to track them by. Two caveats: IPsec AH cannot traverse NAT even with pass-through enabled, because its integrity check covers the IP addresses that NAT rewrites; and IPsec peers that negotiate NAT traversal (NAT-T) encapsulate ESP in UDP port 4500, which NAT handles like any other UDP traffic, so they do not depend on this setting.
To let VPN traffic pass without NAT filtering, select any or all of the following checkboxes:
• IPSec. Disables NAT filtering for IPSec tunnels.
• PPTP. Disables NAT filtering for PPTP tunnels.
• L2TP. Disables NAT filtering for L2TP tunnels.
By default, all three checkboxes are selected.
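To make the NAT problem concrete, here is an added Python model (not NETGEAR code, and not how the UTM implements the feature) of an outbound NAPT engine that is handed a LAN client's IKE, NAT-T, L2TP, ESP, AH and PPTP/GRE packets. It shows why ESP and GRE cannot be translated by a port-based mapping, what a pass-through entry can key on instead (the ESP SPI and the GRE call ID), and that AH fails NAT regardless. The WAN address, port pool and packet contents are constructed; L2TP appears only as its UDP/1701 transport, and the L2TP checkbox itself is not modelled because the page does not say what it changes.

```python
"""Why a port-based NAT cannot carry IPsec or PPTP unchanged, and what a
pass-through entry keys on instead. Added example, not NETGEAR code; the
packets are constructed and reduced to the header fields a NAT engine reads.
The WAN address 198.51.100.2 and the 40000+ port pool are assumptions."""
from dataclasses import dataclass, replace
from typing import Optional

IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH = 17, 47, 50, 51


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None    # UDP only
    dport: Optional[int] = None    # UDP only
    spi: Optional[int] = None      # ESP/AH Security Parameter Index (sent in the clear)
    call_id: Optional[int] = None  # PPTP data channel: GRE key field


class NaptGateway:
    """Outbound NAPT for a LAN behind one public address, with the manual's
    IPSec and PPTP pass-through switches modelled as flags."""

    def __init__(self, wan_ip="198.51.100.2", ipsec_passthrough=False,
                 pptp_passthrough=False):
        self.wan_ip = wan_ip
        self.ipsec_passthrough = ipsec_passthrough
        self.pptp_passthrough = pptp_passthrough
        self.table = {}          # (proto, key) -> inside host, used to map replies back
        self._next_port = 40000  # assumed ephemeral pool for translated UDP sources

    def translate_out(self, p):
        """Return (translated packet or None, reason string)."""
        if p.proto == IPPROTO_UDP:
            # UDP has ports, so ordinary NAPT works: IKE (500), NAT-T (4500),
            # plain L2TP (1701). Rewrite the source and remember the mapping.
            port, self._next_port = self._next_port, self._next_port + 1
            self.table[(IPPROTO_UDP, port)] = (p.src, p.sport)
            return replace(p, src=self.wan_ip, sport=port), "napt"
        if p.proto == IPPROTO_AH:
            # AH's integrity check covers the IP source address, so any rewrite
            # is detected by the peer. No pass-through switch can fix this.
            return None, "ah-icv-covers-ip-header"
        if p.proto == IPPROTO_ESP:
            if not self.ipsec_passthrough:
                return None, "esp-has-no-port-to-map"
            # Pass-through: rewrite only the address and key the mapping on the
            # SPI, the one per-packet identifier ESP exposes in the clear.
            # (Replies carry the peer's SPI, which a real gateway learns from
            # the first inbound ESP packet; that direction is omitted here.)
            self.table[(IPPROTO_ESP, p.spi)] = p.src
            return replace(p, src=self.wan_ip), "ipsec-passthrough"
        if p.proto == IPPROTO_GRE:
            if not self.pptp_passthrough:
                return None, "gre-has-no-port-to-map"
            # PPTP data is GRE; the call ID in the GRE key field stands in for a port.
            self.table[(IPPROTO_GRE, p.call_id)] = p.src
            return replace(p, src=self.wan_ip), "pptp-passthrough"
        return None, "unsupported-protocol"


# Constructed sample: one LAN VPN client talking to a WAN-side peer.
CLIENT, PEER = "192.168.1.20", "203.0.113.5"
SAMPLE = {
    "ike":  Packet(CLIENT, PEER, IPPROTO_UDP, sport=500, dport=500),
    "natt": Packet(CLIENT, PEER, IPPROTO_UDP, sport=4500, dport=4500),
    "l2tp": Packet(CLIENT, PEER, IPPROTO_UDP, sport=1701, dport=1701),
    "esp":  Packet(CLIENT, PEER, IPPROTO_ESP, spi=0x1A2B3C4D),
    "ah":   Packet(CLIENT, PEER, IPPROTO_AH, spi=0x0BADCAFE),
    "pptp": Packet(CLIENT, PEER, IPPROTO_GRE, call_id=4242),
}


def outcomes(gateway):
    """Map each sample packet name to the reason string the gateway returns."""
    return {name: gateway.translate_out(pkt)[1] for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    print("pass-through off:", outcomes(NaptGateway()))
    print("pass-through on: ", outcomes(NaptGateway(ipsec_passthrough=True,
                                                    pptp_passthrough=True)))
```

With both switches off, ESP and GRE are refused while UDP-carried traffic (IKE, NAT-T, plain L2TP) translates normally; with them on, ESP and GRE are forwarded with only the address rewritten. AH is refused either way, which is why a peer behind NAT should use ESP, preferably with NAT-T on UDP 4500, in which case the pass-through setting is not needed at all. Note that L2TP/IPsec clients, such as the built-in Windows client, carry L2TP inside ESP, so in practice it is the IPSec switch that governs them.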
Table 5-4. Attack Checks Settings (continued). Columns: Setting; Description (or Subfield and Description).