D-Link DSR-250v2 Product Manual - Page 72

Application Layer Gateways



If this option is enabled, the gateway will not respond to port scans from the WAN. This
makes it less susceptible to discovery and attacks.
Block TCP flood
If this option is enabled, the gateway drops all invalid TCP packets, which protects it
from TCP flood attacks.
Allow ICMP traffic
If this option is enabled, a host on the WAN can ping the WAN interface.
TCP filter check
Filter check mode
If this option is enabled, the gateway drops invalid TCP packets (FIN, RST, and ACK) that
pass through SNAT after the connection is closed. Some other packets, such as TCP
OUT-OF-WINDOW, are also considered invalid. Disable this option if performance is a
concern, as enabling it will affect the throughput.
LAN security checks
Block UDP flood
If this option is enabled, the gateway will not accept more than the configured value in
Accept UDP connections, indicating simultaneous, active UDP connections from a single
computer on the LAN.
Accept UDP connections
Enter the number of UDP connections simultaneously accepted by the gateway from a
single computer on the LAN. You can select any number between 25 and 500. This field is
available when you enable Block UDP flood.
DoS Attacks
SYN flood detect rate
Enter the rate at which the SYN flood can be detected.
Echo storm
Enter the number of ping packets per second at which the gateway detects an Echo storm
attack from the WAN and prevents further ping traffic from that external address.
ICMP flood
Enter the number of ICMP packets per second at which the gateway detects an ICMP flood
attack from the WAN and prevents further ICMP traffic from that external address.
Application Layer Gateways
Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of the Router to seamlessly support
application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic, ephemeral TCP/UDP ports to communicate
with the known ports a particular client application (such as H.323 or RTSP) requires; otherwise, the admin would have to open a large number of
ports to accomplish the same support. ALG understands the protocol used by the specific application that it supports. It is a very secure and
efficient way of introducing client applications through the gateway’s firewall.
Field
Description
RTSP
Enable it to allow applications that use Real Time Streaming Protocol to receive streaming
media from the Internet. QuickTime and Real Player are some of the common applications
using this protocol.
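
The following sketch illustrates what an RTSP ALG does with the protocol knowledge described above: it reads the ports negotiated in the RTSP SETUP exchange and derives only the narrow UDP pinholes that session needs. It is an added example, not code from the D-Link manual or firmware; the function names, sample messages, addresses, and the port policy in port_range are assumptions made for illustration.

```python
import re

# Constructed RTSP exchange (RFC 2326 syntax); all addresses and ports are sample values.
SETUP_REQUEST = ("SETUP rtsp://203.0.113.10/stream/track1 RTSP/1.0\r\n"
                 "CSeq: 3\r\n"
                 "Transport: RTP/AVP;unicast;client_port=50000-50001\r\n\r\n")
SETUP_REPLY = ("RTSP/1.0 200 OK\r\n"
               "CSeq: 3\r\n"
               "Session: 12345678\r\n"
               "Transport: RTP/AVP;unicast;client_port=50000-50001;"
               "server_port=6970-6971\r\n\r\n")


def transport_params(message):
    """Return the Transport header's parameters as a dict (empty if absent)."""
    for line in message.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "transport":
            pairs = (part.partition("=") for part in value.split(";"))
            return {k.strip().lower(): v.strip() for k, _, v in pairs}
    return {}


def port_range(value):
    """Parse 'lo-hi' or 'p'. Assumed policy: unprivileged ports, at most an RTP/RTCP pair."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", value or "")
    if not m:
        raise ValueError("malformed port range")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not (1024 <= lo <= hi <= 65535) or hi - lo > 1:
        raise ValueError("port range refused by policy")
    return lo, hi


def pinholes(request, reply, server_ip, client_ip):
    """Return (proto, src_ip, src_port, dst_ip, dst_port) rules for one RTSP session."""
    if not reply.startswith("RTSP/1.0 200"):
        return []                      # server refused the SETUP: open nothing
    asked, granted = transport_params(request), transport_params(reply)
    if granted.get("client_port") != asked.get("client_port"):
        return []                      # reply does not match what the LAN client asked for
    c_lo, c_hi = port_range(asked.get("client_port"))
    s_lo, s_hi = port_range(granted.get("server_port"))
    return [("udp", server_ip, s, client_ip, c)
            for s, c in zip(range(s_lo, s_hi + 1), range(c_lo, c_hi + 1))]


if __name__ == "__main__":
    for rule in pinholes(SETUP_REQUEST, SETUP_REPLY, "203.0.113.10", "192.168.10.20"):
        print(rule)
```

Each returned rule is scoped to one remote address and one port pair, which is the alternative to the "large number of ports" the administrator would otherwise have to open.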