D-Link DFL-210-WCF-12 Product Manual - Page 514
Chapter 13. Advanced Settings

13.4. State Settings

Connection Replace
Allows new additions to the NetDefendOS connection list to replace the oldest connections if there is no available space.
Default: ReplaceLog

Log Open Fails
In some instances where the Rules section determines that a packet should be allowed through, the stateful inspection mechanism may subsequently decide that the packet cannot open a new connection. One example of this is a TCP packet that, although allowed by the Rules section and not being part of an established connection, has its SYN flag off. Such packets can never open new connections. In addition, new connections can never be opened by ICMP messages other than ICMP ECHO (Ping). This setting determines if NetDefendOS is to log the occurrence of such packets.
Default: Enabled

Log Reverse Opens
Determines if NetDefendOS logs packets that attempt to open a new connection back through one that is already open. This only applies to TCP packets with the SYN flag turned on and to ICMP ECHO packets. In the case of other protocols such as UDP, there is no way of determining whether the remote peer is attempting to open a new connection.
Default: Enabled

Log State Violations
Determines if NetDefendOS logs packets that violate the expected state switching diagram of a connection, for example, getting TCP FIN packets in response to TCP SYN packets.
Default: Enabled

Log Connections
Specifies how NetDefendOS will log connections:
• NoLog - Does not log any connections; consequently, it will not matter if logging is enabled for either Allow or NAT rules in the IP rule set; they will not be logged. However, FwdFast, Drop and Reject rules will be logged as stipulated by the settings in the Rules section.
• Log - Logs connections in short form; gives a short description of the connection, which rule allowed it to be made and any SAT rules that apply. Connections will also be logged when they are closed.
• LogOC - As for Log, but includes the two packets that cause the connection to be opened and closed. If a connection is closed as the result of a timeout, no ending packet will be logged.
• LogOCAll - Logs all packets involved in opening and closing the connection. In the case of TCP, this covers all packets with SYN, FIN or RST flags turned on.
• LogAll - Logs all packets in the connection.
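
The conditions behind Log Open Fails, Log Reverse Opens and Log State Violations can be seen in a small connection-table model. This is an added example, not NetDefendOS code: the state names, event names and sample packets are constructed, and treating only a bare SYN (not SYN+ACK) as a reverse open is an assumption.

```python
# Simplified model for illustration; not NetDefendOS code.
ECHO = 8  # ICMP type of an ECHO (ping) request

def classify(pkt, conns):
    """Return the event for one packet; conns maps (proto, src, dst) of the
    packet that opened each connection to a minimal state string."""
    proto, flags = pkt["proto"], pkt.get("flags", frozenset())
    fwd = (proto, pkt["src"], pkt["dst"])
    rev = (proto, pkt["dst"], pkt["src"])
    if fwd not in conns and rev not in conns:
        # Not part of any connection: can this packet open one?
        if proto == "tcp" and "SYN" not in flags:
            return "open_fail"            # SYN flag off
        if proto == "icmp" and pkt.get("icmp_type") != ECHO:
            return "open_fail"            # only ICMP ECHO may open
        conns[fwd] = "SYN_SEEN" if proto == "tcp" else "OPEN"
        return "open"
    if rev in conns:
        # Packet travels back through an already open connection.
        if proto == "tcp" and flags == {"SYN"}:
            return "reverse_open"         # assumption: bare SYN, not SYN+ACK
        if proto == "icmp" and pkt.get("icmp_type") == ECHO:
            return "reverse_open"
        if proto == "tcp" and conns[rev] == "SYN_SEEN":
            if "FIN" in flags:
                return "state_violation"  # FIN in response to SYN
            if flags == {"SYN", "ACK"}:
                conns[rev] = "ESTABLISHED"
    return "pass"

def run(trace):
    """Classify a whole trace against a fresh connection table."""
    conns = {}
    return [classify(p, conns) for p in trace]

# Constructed sample packets (documentation addresses, not captured traffic).
A, B = "10.0.0.5:40000", "192.0.2.10:80"
TRACE = [
    {"proto": "tcp", "src": A, "dst": B, "flags": {"ACK"}},
    {"proto": "icmp", "src": "10.0.0.5", "dst": "192.0.2.10", "icmp_type": 3},
    {"proto": "tcp", "src": A, "dst": B, "flags": {"SYN"}},
    {"proto": "tcp", "src": B, "dst": A, "flags": {"FIN"}},
    {"proto": "tcp", "src": B, "dst": A, "flags": {"SYN"}},
    {"proto": "udp", "src": "10.0.0.5:5353", "dst": "192.0.2.10:53"},
    {"proto": "udp", "src": "192.0.2.10:53", "dst": "10.0.0.5:5353"},
]

if __name__ == "__main__":
    for pkt, event in zip(TRACE, run(TRACE)):
        print(event, pkt)
```

The last two packets show why reverse opens cannot be detected for UDP: the reply is indistinguishable from a new flow attempt, so the model simply passes it.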