Security Configuration 8 - 11
17. The firewall policy allows traffic filtering at the application layer using the Application Layer Gateway feature. The Application Layer Gateway provides filters for the following common protocols:

FTP ALG        Select the Enable box to allow FTP traffic through the firewall using its default ports. This feature is enabled by default.
TFTP ALG       Select the Enable box to allow TFTP traffic through the firewall using its default ports. This feature is enabled by default.
SIP ALG        Select the Enable box to allow SIP traffic through the firewall using its default ports. This feature is enabled by default.
SCCP ALG       Select the check box to allow SCCP traffic through the firewall using its default ports. This feature is enabled by default. Signalling Connection Control Part (SCCP) is a network protocol that provides routing, flow control and error correction in telecommunication networks.
FaceTime ALG   Select the check box to allow Apple's FaceTime video calling traffic through the firewall using its default port. This feature is enabled by default.

18. Refer to the Firewall Enhanced Logging field to set the following parameters:

Log Dropped ICMP Packets        Use the drop-down menu to define how dropped ICMP packets are logged. Logging can be rate limited for one log instance every 20 seconds. Options include Rate Limited, All or None. The default setting is None.
Log Dropped Malformed Packets   Use the drop-down menu to define how dropped malformed packets are logged. Logging can be rate limited for one log instance every 20 seconds. Options include Rate Limited, All or None. The default setting is None.
Enable Verbose Logging          Select this option to enable verbose logging for dropped packets. This setting is disabled by default.

19. Select the Enable Stateful DHCP Checks radio button to enable the stateful checks of DHCP packet traffic through the firewall. The default setting is enabled. When enabled, all DHCP traffic flows are inspected.

20. Define Flow Timeout intervals for the following flow types impacting the firewall:

TCP Close Wait             Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 10 seconds.
TCP Established            Define a flow timeout value in either Seconds (15 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 90 minutes.
TCP Reset                  Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 10 seconds.
TCP Setup                  Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 10 seconds.
Stateless TCP Flow         Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 90 seconds.
Stateless FIN/RESET Flow   Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or Hours (1 - 9). The default setting is 10 seconds.
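
The flow timeout ranges and defaults listed above can be checked mechanically when reviewing a firewall policy for drift. The following Python is an added example, not part of the original guide or of the product's software; the settings dictionary format and the function names are assumptions made for illustration.

```python
import re

UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600}
# Ranges from the flow timeout table; TCP Established alone has a 15 s minimum.
BASE_RANGE = {"seconds": (1, 32400), "minutes": (1, 540), "hours": (1, 9)}
ESTABLISHED_RANGE = {**BASE_RANGE, "seconds": (15, 32400)}
# Documented defaults, normalised to seconds.
DEFAULTS = {
    "TCP Close Wait": 10, "TCP Established": 90 * 60, "TCP Reset": 10,
    "TCP Setup": 10, "Stateless TCP Flow": 90, "Stateless FIN/RESET Flow": 10,
}

def to_seconds(flow, text):
    """Parse '<n> <unit>' and enforce the documented range for that unit."""
    m = re.fullmatch(r"\s*(\d+)\s*(seconds|minutes|hours)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable value {text!r}")
    value, unit = int(m.group(1)), m.group(2).lower()
    ranges = ESTABLISHED_RANGE if flow == "TCP Established" else BASE_RANGE
    low, high = ranges[unit]
    if not low <= value <= high:
        raise ValueError(f"{value} {unit} outside {low}-{high}")
    return value * UNIT_SECONDS[unit]

def audit(settings):
    """Return (flow, finding) pairs for missing, invalid or non-default timeouts."""
    findings = []
    for flow, default in DEFAULTS.items():
        if flow not in settings:
            findings.append((flow, "missing"))
            continue
        try:
            seconds = to_seconds(flow, settings[flow])
        except ValueError as err:
            findings.append((flow, f"invalid: {err}"))
            continue
        if seconds != default:
            findings.append((flow, f"non-default: {seconds}s (default {default}s)"))
    return findings

# Constructed sample in a hypothetical export format (not real device output).
SAMPLE = {
    "TCP Close Wait": "10 seconds", "TCP Established": "9 hours",
    "TCP Reset": "0 seconds", "TCP Setup": "10 Seconds",
    "Stateless TCP Flow": "2 minutes",
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Values are normalised to seconds before comparison, so "90 minutes" and "5400 seconds" for TCP Established are both treated as the default.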