Configure security settings Firewall
Digi TransPort WR Routers User Guide 687
Stateful Inspection Settings parameters
Stateful inspection settings are configured on the Configuration > Security > Firewalls > Stateful
Inspection Settings page. This page contains timer timeout values and other options for the
firewall stateful inspection module. This module establishes firewall rules that last for a single
connection only. Typically, the first packet of a TCP connection (SYN packet) creates a stateful
inspection rule that only allows subsequent packets for that TCP connection through the firewall.
The timers described below set limits on how long such rules persist.
Timers
TCP Opening s seconds
The time following receipt of a TCP packet that causes a stateful inspection rule to be created
before a TCP connection must be established. If a TCP connection is not established within this
period, the associated stateful rule is removed.
TCP Open s seconds
The time an established TCP connection can remain idle before the stateful inspection rule
created for it is removed. The timer is restarted each time a packet is processed by the
associated stateful inspection rule.
TCP Closing s seconds
The time allowed for a TCP socket to close once the first FIN packet has been received. If the
timer expires before the socket has completed closing, the stateful inspection rule is removed.
TCP Closed s seconds
The time that a stateful inspection rule remains in place after a TCP connection has closed.
UDP s seconds
The time that a stateful inspection rule remains in place following the receipt of a UDP packet. The
timer is restarted each time packets matching the rule pass in each direction. As a consequence,
use rules based on UDP only if packets will travel in both directions.
ICMP s seconds
Some ICMP packets, such as the ECHO request, generate response packets. The value in this text
box specifies the length of time that a stateful inspection rule created for an ICMP packet will
remain in place if the response is not received. The rule is removed immediately following
receipt of the response.
Other protocols s seconds
If a stateful inspection rule is created from a packet type other than TCP, UDP or ICMP, a rule
timeout should be created for it. The parameter in this text box specifies the length of time such
a rule persists. The timer is restarted each time a packet is processed by the rule.
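The four TCP timers described above, modelled as a small state machine to show which timers restart on traffic and which run from a fixed point. This is an added Python example, not Digi firmware logic or code from this guide. The timer values, the TcpRule class, the replay helper and the simplified close detection (two FINs followed by an ACK) are assumptions made for the illustration.

```python
# Added illustration: rule lifetime under the four TCP timers described above.
# Timer values are constructed for the example; they are not Digi defaults.
TIMERS = {"opening": 60, "open": 300, "closing": 10, "closed": 1}

class TcpRule:
    """Hypothetical model of one stateful inspection rule for one TCP connection."""

    def __init__(self, now, timers=TIMERS):
        self.t = dict(timers)
        self.state = "opening"            # rule created by the first (SYN) packet
        self.fins = 0
        self.deadline = now + self.t["opening"]

    def packet(self, now, flags):
        """Return True if the rule still exists at `now` and passes the packet."""
        if now >= self.deadline:          # timer expired: rule has been removed
            self.state = "removed"
            return False
        flags = set(flags.split("|"))
        if "FIN" in flags:
            self.fins += 1
            if self.state in ("opening", "open"):
                # TCP Closing runs from the first FIN and is not restarted.
                self.state = "closing"
                self.deadline = now + self.t["closing"]
        elif self.state == "opening" and flags == {"ACK"}:
            # Handshake completed inside the TCP Opening window.
            self.state = "open"
            self.deadline = now + self.t["open"]
        elif self.state == "open":
            # TCP Open is an idle timer: every processed packet restarts it.
            self.deadline = now + self.t["open"]
        elif self.state == "closing" and self.fins >= 2 and flags == {"ACK"}:
            # Simplification: both sides sent FIN and the last one was ACKed.
            self.state = "closed"
            self.deadline = now + self.t["closed"]
        return True

def replay(trace, timers=TIMERS):
    """trace: [(time_s, "FLAG|FLAG"), ...]; the first entry is the SYN creating the rule."""
    rule = TcpRule(trace[0][0], timers)
    return [(t, f, rule.packet(t, f), rule.state) for t, f in trace[1:]]

if __name__ == "__main__":
    # Constructed trace: normal open, then an idle gap longer than TCP Open.
    idle = [(0, "SYN"), (1, "SYN|ACK"), (2, "ACK"), (200, "PSH|ACK"), (800, "PSH|ACK")]
    for row in replay(idle):
        print(row)
```

Each output row is (time, flags, passed by this rule, rule state after the packet); a packet that arrives after the rule has been removed is evaluated against the remaining firewall rules like any new packet.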