276
Stateful Inspection
Stateful inspection options are accessed by the
security state-insp
tag.
set security state-insp [ ip-ppp | dsl ] vcc
n
option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]
Sets the stateful inspection option
off
or
on
on the specified inter face. This option is dis-
abled by default. Stateful inspection prevents unsolicited inbound access when NAT is dis-
abled.
set security state-insp [ ip-ppp | dsl ] vcc
n
default-mapping [ off | on ]
set security state-insp ethernet [ A | B ]
default-mapping [ off | on ]
Sets stateful inspection default mapping to router option
off
or
on
on the specified inter-
face.
set security state-insp [ ip-ppp | dsl ] vcc
n
tcp-seq-diff
[ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff
[ 0 - 65535 ]
Sets the acceptable TCP sequence difference on the specified inter face. The TCP
sequence number difference maximum allowed value is 65535. If the value of
tcp-seq-diff
is 0, it means that this check is disabled.
set security state-insp [ ip-ppp | dsl ] vcc
n
deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ]
deny-fragments [ off | on ]
Sets whether fragmented packets are allowed to be received or not on the specified inter-
face.
set security state-insp tcp-timeout [ 30 - 65535 ]
Sets the stateful inspection TCP timeout inter val, in seconds.
Summary of Contents for 3342
Page 1: ...Netopia Software User Guide April 2006 Netopia 2200 and 3300 Series Gateways Version 7 6 ...
Page 18: ...18 ...
Page 150: ...150 Example filter set page This is an example of the Netopia filter set page ...
Page 190: ...190 ...
Page 220: ...220 ...
Page 310: ...310 ...
Page 350: ...350 ...