Chapter 9. Configuring Firewall/NAT Settings
Internet Security Router User’s Manual
Field: Minimum IP Fragment Size
Description: Enter the minimum size of IP fragments to be allowed through the
firewall. This limit is not enforced on the last fragment of a packet. If
Internet traffic generates many small fragments, this value can be decreased.
Signs of this are heavy packet loss, degraded speed, and frequent occurrences
of the following log message: "fragment of size less than configured minimum
fragment size detected".
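The rule described above, as an added example (not taken from the manual or the router's firmware): it classifies IPv4 packets against a minimum fragment size, exempts the last fragment, and shows how lowering the value changes the drop count. It assumes fragment size is measured by the IPv4 total-length field; the function names, thresholds and packets are constructed for illustration.

```python
import struct

MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def make_ipv4(total_len, offset_units, more_fragments, ident=1):
    """Build a constructed IPv4 packet (20-byte header + zero payload)."""
    flags_frag = (MF_FLAG if more_fragments else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                         flags_frag, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + bytes(total_len - 20)

def check_fragment(packet, min_frag_size):
    """Return 'pass' or 'drop' for one packet under the minimum-size rule."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if not flags_frag & MF_FLAG:
        # Either an unfragmented packet or the last fragment of one:
        # the limit is not enforced here.
        return "pass"
    # First or middle fragment: enforce the configured minimum
    # (assumption: size is the IPv4 total length).
    return "pass" if total_len >= min_frag_size else "drop"

def summarize(packets, min_frag_size):
    """Count how many packets pass or drop at a given setting."""
    counts = {"pass": 0, "drop": 0}
    for pkt in packets:
        counts[check_fragment(pkt, min_frag_size)] += 1
    return counts

# Constructed traffic: one datagram split into small fragments,
# plus one ordinary unfragmented packet.
SAMPLE = [
    make_ipv4(68, 0, True),    # first fragment, 48 bytes of payload
    make_ipv4(68, 6, True),    # middle fragment
    make_ipv4(30, 12, False),  # last fragment, small but exempt
    make_ipv4(40, 0, False),   # unfragmented packet
]

if __name__ == "__main__":
    for setting in (128, 64):  # constructed thresholds
        print(setting, summarize(SAMPLE, setting))
```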
9.6.3.2 Access DoS Configuration Page – (Firewall → Advanced → DoS)
Log into Configuration Manager as admin, click the Firewall menu, click the Advanced submenu, and then
click the DoS submenu. The DoS Configuration page displays, as shown in Figure 9.15.
When you open the DoS Configuration page, a list of supported DoS protections is also displayed in
the bottom half of the page, such as those shown in Figure 9.15. Most of these
protections are enabled by default when the firewall is enabled.
9.6.3.3 Configuring DoS Settings
By default, most DoS protections against all supported attack types are enabled. Figure 9.15 shows the default
configuration for DoS settings. You may check or un-check an individual type of attack defense to disable or
enable protection against that specific type of attack.
Figure 9.15. DoS Configuration Page
9.7 Firewall Policy List – (Firewall → Policy List)
The firewall policy list provides a convenient way to manage firewall ACL rules (inbound/outbound ACL rules and
group ACL rules).
• Application Filters – This option allows you to configure Command Filters for FTP, HTTP, RPC and
SMTP applications. Configure filters here before attaching them to policies.
• IP Pools – This option allows you to configure logical names for IP Pools and set appropriate IP
addresses. Each record contains the name of the IP record and the type of IP address (a single IP
address, a range of IP addresses, or a subnet address).