13.4. State Settings
Connection Replace
Allows new additions to the NetDefendOS connection list to replace the oldest connections if
there is no available space.
Default: ReplaceLog
Log Open Fails
In some instances where the Rules section determines that a packet should be allowed through,
the stateful inspection mechanism may subsequently decide that the packet cannot open a new
connection. One example of this is a TCP packet that, although allowed by the Rules section and
not being part of an established connection, has its SYN flag off. Such packets can never open
new connections. In addition, new connections can never be opened by ICMP messages other
than ICMP ECHO (Ping). This setting determines if NetDefendOS is to log the occurrence of such
packets.
Default: Enabled
Log Reverse Opens
Determines if NetDefendOS logs packets that attempt to open a new connection back through
one that is already open. This only applies to TCP packets with the SYN flag turned on and to
ICMP ECHO packets. In the case of other protocols such as UDP, there is no way of determining
whether the remote peer is attempting to open a new connection.
Default: Enabled
Log State Violations
Determines if NetDefendOS logs packets that violate the expected state switching diagram of a
connection, for example, getting TCP FIN packets in response to TCP SYN packets.
Default: Enabled
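The three cases above (open fails, reverse opens and state violations) can be seen in a simplified model of the stateful check, added here as an illustration; it is not NetDefendOS code. The connection table layout, the category names, the endpoint strings and the rule that a TCP opener is a SYN without ACK are assumptions of the model.

```python
from dataclasses import dataclass

# Which setting on this page governs logging of each outcome in the model.
SETTING = {"open_fail": "Log Open Fails",
           "reverse_open": "Log Reverse Opens",
           "state_violation": "Log State Violations"}

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str                        # constructed endpoint, e.g. "10.0.0.5:40000"
    dst: str
    flags: frozenset = frozenset()  # TCP flags that are set
    icmp_type: str = ""             # "echo", "echo-reply", ...

def is_opener(p):
    """Can this packet open a new connection? (model assumption: SYN without ACK)"""
    if p.proto == "tcp":
        return "SYN" in p.flags and "ACK" not in p.flags
    if p.proto == "icmp":
        return p.icmp_type == "echo"
    return True  # UDP etc.: any packet may start a pseudo-connection

def process(p, conns):
    """Classify a packet the rule set already allowed, and update conns.

    conns maps (proto, initiator, responder) -> "SYN_SENT" | "ESTABLISHED".
    """
    fwd, rev = (p.proto, p.src, p.dst), (p.proto, p.dst, p.src)
    if rev in conns:                      # travelling back toward the initiator
        if p.proto in ("tcp", "icmp") and is_opener(p):
            return "reverse_open"         # UDP never lands here: intent is unknowable
        if p.proto == "tcp" and conns[rev] == "SYN_SENT":
            if "FIN" in p.flags:
                return "state_violation"  # FIN in response to SYN
            if {"SYN", "ACK"} <= p.flags:
                conns[rev] = "ESTABLISHED"
        return "part_of_connection"
    if fwd in conns:
        return "part_of_connection"
    if is_opener(p):
        conns[fwd] = "SYN_SENT" if p.proto == "tcp" else "ESTABLISHED"
        return "open"
    return "open_fail"                    # e.g. TCP with SYN off, ICMP other than echo
```

Looking up a returned category in `SETTING` gives the setting that decides whether the packet is logged; `open` and `part_of_connection` have no entry there because none of these three settings covers them.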
Log Connections
Specifies how NetDefendOS will log connections:
• NoLog – Does not log any connections; consequently, it will not matter if logging is enabled
for either Allow or NAT rules in the IP rule set; they will not be logged. However, FwdFast,
Drop and Reject rules will be logged as stipulated by the settings in the Rules section.
• Log – Logs connections in short form; gives a short description of the connection, which rule
allowed it to be made and any SAT rules that apply. Connections will also be logged when
they are closed.
• LogOC – As for Log, but includes the two packets that cause the connection to be opened
and closed. If a connection is closed as the result of a timeout, no ending packet will be
logged.
• LogOCAll – Logs all packets involved in opening and closing the connection. In the case of
TCP, this covers all packets with SYN, FIN or RST flags turned on.
Chapter 13: Advanced Settings