EasyManua.ls Logo

Arris NVG599 - Link: Firewall Advanced

Arris NVG599
228 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Administrator’s Handbook
76
Link: Firewall Advanced
When you click the Firewall Advanced link the Firewall Advanced screen appears.
All computer operating systems are vulnerable to attack from outside sources, typically at the operating
system or Internet Protocol (IP) layers. Stateful inspection firewalls intercept and analyze incoming data
packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or
blocked. Stateful inspection improves security by tracking data packets over a period of time, examining
incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked;
only those incoming packets constituting a proper response are allowed through the firewall.
Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can
configure UDP and TCP “no-activity” periods that will also apply to NAT timeouts if stateful inspection is
enabled on the interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your
NVG599 device. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.
DoS Protection – Denial-of-service (DoS) attacks are common on the Internet, and can render an individual PC
or a whole network practically unusable by consuming all its resources. Your NVG599 includes default settings
to block the most common types of DoS attacks. For special requirements or circumstances, a variety of
additional blocking characteristics are offered. See the following table.
Menu item Function
Drop packets with invalid source or desti-
nation IP address
Whether packets with invalid source or destination IP address(es) are to be
dropped
Protect against port scan Whether to detect and drop port scans.
Drop packets with unknown ether types
Whether packets with
unknown ether types are to be dropped
Drop packets with invalid TCP flags Whether packets with invalid TCP flag settings (NULL, FIN, Xmas, etc.)
should be dropped
Drop incoming ICMP Echo requests Whether all ICMP echo requests are to be dropped; On or Off.

Table of Contents

Other manuals for Arris NVG599

Preview: Administrator's Guide
Administrator's Guide50 pages
Preview: Self-Installation Guide
Self-Installation Guide3 pages

Related product manuals