Compatible Systems 5.4 Network Router User Manual


 
Chapter 8 - IntraGuard Firewall Configuration
SynRejectOnly
This checkbox sets whether the device will limit itself to sending TCP reset
messages only when a TCP packet containing the SYN flag has been rejected.
This can be useful when ICMP redirects are being sent, which could cause
sessions to terminate prematurely. The default is checked.
SendICMPReset
This checkbox sets whether the device will send an ICMP message to the
client when an IP or UDP packet has been rejected. The default is unchecked.
ICMPtoTCPsession
This checkbox sets whether the device will send an ICMP message to the
client when a TCP packet has been rejected. This is in addition to sending a
TCP reset message, if it has been enabled using the SendTCPReset checkbox.
The default is unchecked.
RejectSRCRoute
This checkbox sets whether the device will reject source-routed IP packets.
The default is checked.
MinIPFragLen
This field sets the minimum acceptable length of IP packets. Raising the
minimum packet length can be useful in preventing "frag" attacks, which can
take advantage of the use of partial header information in fragmented packets.
The IntraGuard protects against overlapping fragmentation attacks, even
when the MinIPFragLen is set to the minimum value of 40. Values may range
between 40 and 1,500. The default is 40.
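
The RejectSRCRoute and MinIPFragLen checks described above can be sketched as a packet filter. This is an added example, not code from the manual or the IntraGuard firmware. It assumes the length limit is compared against the IP total length of any fragment with More Fragments set; the function names and sample packets are constructed for illustration.

```python
import struct

LSRR, SSRR = 131, 137  # loose / strict source route option types (RFC 791)

def build_ipv4(total_len, flags_frag, options=b""):
    """Construct a sample IPv4 packet (checksum left at 0), zero-padded to total_len."""
    ihl = 5 + len(options) // 4  # options must already be padded to 4 bytes
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 1, flags_frag,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    pkt = hdr + options
    return pkt + b"\x00" * (total_len - len(pkt))

def has_source_route(options):
    """Walk the IPv4 option list looking for an LSRR or SSRR option."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                # End of Option List
            break
        if opt == 1:                # No-Operation is a single byte
            i += 1
            continue
        if opt in (LSRR, SSRR):
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                   # malformed option length, stop walking
        i += options[i + 1]
    return False

def check_packet(pkt, min_ip_frag_len=40, reject_src_route=True):
    """Return 'accept' or a rejection reason for one raw IPv4 packet."""
    if len(pkt) < 20:
        return "reject: truncated header"
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or len(pkt) < ihl:
        return "reject: bad header length"
    if reject_src_route and has_source_route(pkt[20:ihl]):
        return "reject: source-routed"
    more_fragments = bool(flags_frag & 0x2000)  # MF bit of the flags field
    if more_fragments and total_len < min_ip_frag_len:
        return "reject: fragment shorter than MinIPFragLen"
    return "accept"

# Constructed sample: LSRR option (type 131, length 7, pointer 4, one hop) plus EOL pad
SAMPLE_LSRR = bytes([131, 7, 4, 203, 0, 113, 1, 0])
```

A 28-byte first fragment is rejected at the default of 40 because it cannot hold a full 20-byte IP header and 20-byte TCP header, while a short final fragment (More Fragments clear) is still accepted.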