D-Link DFL-800-AV-12 User Manual - Page 314
Stateful Inspection Settings
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 314 highlights
13.5. Stateful Inspection Settings Chapter 13. Advanced Settings 13.5. Stateful Inspection Settings LogConnectionUsage This generates a log message for every packet that passes through a connection that is set up in the NetDefendOS state-engine. Traffic whose destination is the D-Link Firewall itself, for example NetDefendOS management traffic, is not subject to this setting. The log message includes port, service, source/destination IP address and interface. This setting should only be enabled for diagnostic and testing purposes since it generates unwieldy volumes of log messages and can also significantly impair throughput performance. Default: Disabled ConnReplace Allows new additions to NetDefendOS's connection list to replace the oldest connections if there is no available space. Default: ReplaceLog LogOpenFails In some instances where the Rules section determines that a packet should be allowed through, the stateful inspection mechanism may subsequently decide that the packet cannot open a new connection. One example of this is a TCP packet that, although allowed by the Rules section and not being part of an established connection, has its SYN flag off. Such packets can never open new connections. In addition, new connections can never be opened by ICMP messages other than ICMP ECHO (Ping). This setting determines if NetDefendOS is to log the occurrence of such packets. Default: Enabled LogReverseOpens Determines if NetDefendOS logs packets that attempt to open a new connection back through one that is already open. This only applies to TCP packets with the SYN flag turned on and to ICMP ECHO packets. In the case of other protocols such as UDP, there is no way of determining whether the remote peer is attempting to open a new connection. Default: Enabled LogStateViolations Determines if NetDefendOS logs packets that violate the expected state switching diagram of a connection, for instance, getting TCP FIN packets in response to TCP SYN packets. Default: Enabled MaxConnections Specifies how many connections NetDefendOS may keep open at any one time. Each connection consumes approximately 150 bytes RAM. When this setting is dynamic, NetDefendOS will try to use as many connections as is allowed by product. Default: LogConnections Specifies how NetDefendOS, will log connections: 314