Netgear SRX5308 SRX5308 Reference Manual - Page 118
Table 4-4. Attack Checks Settings continued, LAN Security Checks., Block UDP flood - l2tp
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 118 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 4-4. Attack Checks Settings (continued) Setting Description (or Subfield and Description) LAN Security Checks. Block UDP flood Disable Ping Reply on LAN Ports Select the Block UDP flood check box to prevent the VPN firewall from accepting more than 20 simultaneous, active UDP connections from a single device on the LAN. By default, the Block UDP flood check box is cleared. A UDP flood is a form of denial of service attack that can be initiated when one device sends a large number of UDP packets to random ports on a remote host. As a result, the distant host does the following: 1. Checks for the application listening at that port. 2. Sees that no application is listening at that port. 3. Replies with an ICMP Destination Unreachable packet. When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker might also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, thus making the attacker's network location anonymous. Select the Disable Ping Reply on LAN Ports check box to prevent the VPN firewall from responding to a ping on a LAN port. A ping can be used as a diagnostic tool. Keep this check box cleared unless you have a specific reason to prevent the VPN firewall from responding to a ping on a LAN port. VPN Pass through IPSec PPTP L2TP When the VPN firewall functions in NAT mode, all packets going to the remote VPN gateway are first filtered through NAT and then encrypted per the VPN policy. For example, if a VPN client or gateway on the LAN side of the VPN firewall wants to connect to another VPN endpoint on the WAN side (placing the VPN firewall between two VPN endpoints), encrypted packets are sent to the VPN firewall. Because the VPN firewall filters the encrypted packets through NAT, the packets become invalid unless you enable the VPN Pass through feature. To enable the VPN tunnel to pass the VPN traffic without any filtering, select any or all of the following check boxes: • IPSec. Disables NAT filtering for IPSec tunnels. • PPTP. Disables NAT filtering for PPTP tunnels. • L2TP. Disables NAT filtering for L2TP tunnels. By default, all three check boxes are selected. 4. Click Apply to save your settings. 4-28 v1.0, April 2010 Firewall Protection