Filter
Top Products
276
Stateful Inspection
Stateful inspection options are accessed by the security state-insp tag.
set security state-insp [ ip-ppp | dsl ] vcc
n
option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]
Sets the stateful inspection option off or on on the specified interface. This option is dis-
abled by default. Stateful inspection prevents unsolicited inbound access when NAT is dis-
abled.
set security state-insp [ ip-ppp | dsl ] vcc
n
default-mapping [ off | on ]
set security state-insp ethernet [ A | B ]
default-mapping [ off | on ]
Sets stateful inspection default mapping to router option off or on on the specified inter-
face.
set security state-insp [ ip-ppp | dsl ] vcc
n
tcp-seq-diff
[ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff
[ 0 - 65535 ]
Sets the acceptable TCP sequence difference on the specified interface. The TCP
sequence number difference maximum allowed value is 65535. If the value of tcp-seq-diff
is 0, it means that this check is disabled.
set security state-insp [ ip-ppp | dsl ] vcc
n
deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ]
deny-fragments [ off | on ]
Sets whether fragmented packets are allowed to be received or not on the specified inter-
face.
set security state-insp tcp-timeout [ 30 - 65535 ]
Sets the stateful inspection TCP timeout interval, in seconds.