Firewall Configuration
Port Triggering
Cisco SA 500 Series Security Appliances Administration Guide
Viewing the Port Triggering Status
The Port Triggering Status page provides information on the ports that have been
opened as per the port triggering configuration rules. The ports are opened
dynamically whenever the security appliance detects traffic that matches a port
triggering rule.
To view this page, click Firewall on the menu bar, and then click Port Triggering > Port Triggering Status in the navigation tree. The following information appears:
• LAN IP Address: Displays the LAN IP address of the device which caused the ports to be opened.
• Open Ports: Displays the ports that have been opened so that traffic from WAN destined to the LAN IP address can flow through the security appliance.
• Time Remaining: This field displays the time for which the port will remain open when there is no activity on that port. The time is reset when there is activity on the port.
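The behaviour this status page reports, shown as an added example that is not part of the Cisco guide and is not the appliance's own code: a small Python model of a port triggering table in which a matching outbound packet opens ports for a LAN host and activity resets the idle timer. The rule fields, class and function names, sample address and ports, and the 600-second idle timeout are assumptions made for the illustration.

```python
# Illustrative model only; not Cisco code. Rule fields, names and the
# 600-second idle timeout are assumptions made for this example.
from dataclasses import dataclass

IDLE_TIMEOUT = 600  # seconds; assumed value, not taken from the guide


@dataclass(frozen=True)
class TriggerRule:
    trigger_ports: range   # outbound (LAN to WAN) destination ports to watch
    open_ports: range      # inbound (WAN to LAN) ports opened in response


class PortTriggerTable:
    def __init__(self, rules, idle_timeout=IDLE_TIMEOUT):
        self.rules = list(rules)
        self.idle_timeout = idle_timeout
        self.entries = {}  # (lan_ip, open_ports) -> time of last activity

    def _expire(self, now):
        # Drop entries whose idle timer has run out.
        self.entries = {k: t for k, t in self.entries.items()
                        if now - t < self.idle_timeout}

    def outbound(self, lan_ip, dst_port, now):
        """LAN host sends traffic; a matching rule opens ports for that host."""
        self._expire(now)
        for rule in self.rules:
            if dst_port in rule.trigger_ports:
                self.entries[(lan_ip, rule.open_ports)] = now

    def inbound(self, wan_dst_port, now):
        """WAN traffic arrives; return the LAN IP it is forwarded to, or None."""
        self._expire(now)
        for lan_ip, ports in self.entries:
            if wan_dst_port in ports:
                self.entries[(lan_ip, ports)] = now  # activity resets the timer
                return lan_ip
        return None  # no port is open, so the traffic is not forwarded

    def status(self, now):
        """Rows shaped like the status page: LAN IP, open ports, time remaining."""
        self._expire(now)
        return [(ip, f"{p.start}-{p.stop - 1}", self.idle_timeout - (now - t))
                for (ip, p), t in self.entries.items()]
```

An empty status() result after the idle period corresponds to the status page no longer listing that LAN IP address.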
Configuring Session Settings to Analyze Incoming Packets
Use this page to configure how incoming packets are analyzed.
STEP 1 Click Firewall on the menu bar, and then click Session Settings in the navigation tree.
The Session Settings page appears.
STEP 2 Enter the following information:
• Maximum Unidentified Sessions: This value defines the maximum number of unidentified sessions for the ALG identification process. This value can range between 2 and 128. The default is 32 sessions.
• Maximum Half Open Sessions: The gateway preserves resources by limiting the number of half-open sessions at any given time. A half-open session is the session state between receipt of a SYN packet and the SYN/ACK packet. Under normal circumstances, a session is allowed to remain in the half-open state for 10 seconds. The maximum value can range between 0 and 3,000. The default is 1,024 sessions.