Maximum Connection Sessions
The service associated with an ALG has a configurable parameter associated with it called Max
Sessions and the default value varies according to the type of ALG. For instance, the default value
for the HTTP ALG is 1000. This means that a 1000 connections are allowed in total for the HTTP
service across all interfaces. The full list of default maximum session values are:
•
HTTP ALG - 1000 sessions.
•
FTP ALG - 200 sessions.
•
TFTP ALG - 200 sessions.
•
SMTP ALG - 200 sessions.
•
POP3 ALG - 200 sessions.
•
H.323 ALG - 100 sessions.
•
SIP ALG - 200 sessions.
Tip: Maximum sessions for HTTP can sometimes be too low
This default value of the maximum sessions can often be too low for HTTP if there are
large number of clients connecting through the NetDefend Firewall and it is therefore
recommended to consider using a higher value in such circumstances.
6.2.2. The HTTP ALG
Hyper Text Transfer Protocol (HTTP) is the primary protocol used to access the World Wide Web
(WWW). It is a connectionless, stateless, application layer protocol based on a request/response
architecture. A client, such as a Web browser, sends a request by establishing a TCP/IP connection
to a known port (usually port 80) on a remote server. The server answers with a response string,
followed by a message of its own. That message might be, for example, an HTML file to be shown
in the Web browser or an ActiveX component to be executed on the client, or perhaps an error
message.
The HTTP protocol has particular issues associated with it because of the wide variety of web sites
that exist and because of the range of file types that can be downloaded using the protocol.
HTTP ALG Features
The HTTP ALG is an extensive NetDefendOS subsystem consisting of the options described below:
•
Static Content Filtering - This deals with Blacklisting and Whitelisting of specific URLs.
1.
URL Blacklisting
Specific URLs can be blacklisted so that they are not accessible. Wildcarding can be used
when specifying URLs, as described below.
2.
URL Whitelisting
The opposite to blacklisting, this makes sure certain URLs are always allowed.
Wildcarding can also be used for these URLs, as described below.
It is important to note that whitelisting a URL means that it cannot be blacklisted and it also
cannot be dropped by web content filtering (if that is enabled, although it will be logged).
6.2.2. The HTTP ALG
Chapter 6. Security Mechanisms
246
Содержание NetDefend DFL-260E
Страница 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Страница 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Страница 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Страница 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Страница 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Страница 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Страница 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Страница 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Страница 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Страница 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Страница 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Страница 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Страница 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Страница 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Страница 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...