Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

27-18

Cisco ASDM User Guide

OL-16647-01

Chapter 27 Configuring Advanced Firewall Protection

Configuring the Fragment Size

–

Timeout—Specifies the maximum number of seconds to wait for an entire fragmented packet

to arrive. The timer starts after the first fragment of a packet arrives. If all fragments of the

packet do not arrive by the number of seconds specified, all fragments of the packet that were

already received will be discarded. The default is 5 seconds.

• Edit—Opens the Edit Fragment dialog box.

• Show Fragment—Opens a panel and displays the current IP fragment database statistics for each

interface of the security appliance.

Changing Fragment Parameters

To modify the IP fragment database parameters of an interface, perform the following steps:

Step 1 Choose the interface to change in the Fragment table and click Edit. The Edit Fragment dialog box

appears.

Step 2 In the Edit Fragment dialog box, change the Size, Chain, and Timeout values as desired, and click OK.

If you make a mistake, click Restore Defaults.

Step 3 Click Apply in the Fragment panel.

Modes

The following table shows the modes in which this feature is available:

Show Fragment

The Show Fragment panel displays the operational data of the IP fragment reassembly module.

Fields

• Size—Display only. Displays the number of packets in the IP reassembly database waiting for

reassembly. The default is 200.

• Chain—Display only. Displays the number of packets into which a full IP packet can be fragmented.

The default is 24 packets.

• Timeout—Display only. Displays the number of seconds to wait for an entire fragmented packet to

arrive. The timer starts after the first fragment of a packet arrives. If all fragments of the packet do

not arrive by the number of seconds displayed, all fragments of the packet that were already received

will be discarded. The default is 5 seconds.

• Threshold—Display only. Displays the IP packet threshold, or the limit after which no new chains

can be created in the reassembly module.

• Queue—Display only. Displays the number of IP packets waiting in the queue for reassembly.

• Assembled—Display only. Displays the number of IP packets successfully reassembled.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• • • •—

previous next