D-Link DFL-800 Product Manual - Page 506
SecuRemoteUDP Compatibility, IP Option Sizes, IP Option Source/Return, IP Options Timestamps
UPC - 790069282133
View all D-Link DFL-800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 506 highlights
13.1. IP Level Settings Chapter 13. Advanced Settings Default: ValidateLogBad SecuRemoteUDP Compatibility Allow IP data to contain eight bytes more than the UDP total length field specifies. Checkpoint SecuRemote violates NAT-T drafts. Default: Disabled IP Option Sizes Verifies the size of "IP options". These options are small blocks of information that may be added to the end of each IP header. This function checks the size of well known option types and ensures that no option exceeds the size limit stipulated by the IP header itself. Default: ValidateLogBad IP Option Source/Return Indicates whether source routing options are to be permitted. These options allow the sender of the packet to control how the packet is to be routed through each router and firewall. These constitute an enormous security risk. NetDefendOS never obeys the source routes specified by these options, regardless of this setting. Default: DropLog IP Options Timestamps Time stamp options instruct each router and firewall on the packet's route to indicate at what time the packet was forwarded along the route. These options do not occur in normal traffic. Time stamps may also be used to "record" the route a packet has taken from sender to final destination. NetDefendOS never enters information into these options, regardless of this setting. Default: DropLog IP router alert option How to handle IP packets with contained route alert. Default: ValidateLogBad IP Options Other All options other than those specified above. Default: DropLog Directed Broadcasts Indicates whether NetDefendOS will forward packets which are directed to the broadcast address of its directly connected networks. It is possible to achieve this functionality by adding lines to the Rules section, but it is also included here for simplicity's sake. This form of validation is faster than entries in the Rules section since it is more specialized. Default: DropLog 506