Network security, No response to non-syn first packet of a tcp flow, Prioritizing management traffic – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide
53-1003250-01

Chapter 1

Network Security

No response to non-SYN first packet of a TCP flow

The Brocade Virtual ADX Application Delivery Switch (Brocade Virtual ADX) can be configured to remain
passive when the first packet of a flow is not a SYN. The default behavior is to send a TCP RST packet
to the client when a non-SYN packet is received at the beginning of a flow.

By default, the Brocade Virtual ADX responds with a TCP RST packet whenever it receives a
non-SYN TCP packet from a client destined for a VIP if there is no matching session.

If you want the Brocade Virtual ADX to remain passive, use the following command to ensure that
no RST packet is sent to the client.

Virtual ADX(config)#server reset-on-syn-only

Syntax: [no] server reset-on-syn-only
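To make the two behaviors concrete, the following Python model (an added example, not Brocade code) replays a constructed packet trace against a toy session table: with the default setting a non-SYN first packet draws a RST, with reset-on-syn-only it is silently dropped. The client and VIP addresses are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str          # client IP:port (constructed sample value)
    vip: str          # virtual IP:port the packet is destined for
    flags: frozenset  # TCP flag names, e.g. {"SYN"}, {"ACK"}, {"FIN", "ACK"}


@dataclass
class VirtualAdxModel:
    """Toy model of how the Virtual ADX treats the first packet of a TCP flow.

    reset_on_syn_only mirrors 'server reset-on-syn-only': when False (the
    documented default) a non-SYN packet with no matching session draws a RST;
    when True the device stays passive and silently drops it.
    """
    reset_on_syn_only: bool = False
    sessions: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.vip)
        if key in self.sessions:
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                self.sessions.discard(key)  # flow is being torn down
            return "FORWARD"
        if pkt.flags == frozenset({"SYN"}):
            self.sessions.add(key)          # a proper handshake start
            return "FORWARD"
        # Non-SYN packet with no matching session: RST (default) or drop (passive)
        return "DROP" if self.reset_on_syn_only else "RST"


# Constructed trace: one legitimate SYN + ACK, then two flows that start mid-stream
TRACE = [
    Packet("198.51.100.7:40001", "203.0.113.10:443", frozenset({"SYN"})),
    Packet("198.51.100.7:40001", "203.0.113.10:443", frozenset({"ACK"})),
    Packet("198.51.100.9:40002", "203.0.113.10:443", frozenset({"ACK"})),
    Packet("198.51.100.9:40003", "203.0.113.10:443", frozenset({"FIN", "ACK"})),
]


def run_trace(reset_on_syn_only: bool) -> list:
    """Return the per-packet decision for TRACE under the given setting."""
    adx = VirtualAdxModel(reset_on_syn_only=reset_on_syn_only)
    return [adx.handle(p) for p in TRACE]
```

Comparing run_trace(False) with run_trace(True) shows that only the handling of the two unsolicited non-SYN packets changes; established flows are forwarded either way.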

Prioritizing management traffic

Brocade Virtual ADX software allows the system to prioritize traffic destined to the management IP
address in order to facilitate uninterrupted access to the Brocade Virtual ADX even under heavy
load conditions. This feature allows you to prioritize management traffic based on the following:

Destination IP

TCP or UDP port number

With this feature turned on, the specified traffic is directly forwarded to the management IP. In the
following example, traffic destined to management IP 10.45.16.104 for TCP port 22 (SSH) is
prioritized.

Virtual ADX(config)# server prioritize-mgmt-traffic any 10.45.16.104 6 22

Syntax: [no] server prioritize-mgmt-traffic any <destination_ip> [ protocol ] [ port ]

The destination_ip variable specifies the destination management IP address. The destination IP
address must already be configured on the Brocade Virtual ADX. If the IP address is not configured,
the command is rejected.

The protocol variable specifies the IP protocol; in the example above, 6 is TCP.

The port variable specifies a TCP or UDP port.


NOTE

The prioritizing management traffic feature should not be enabled for a Brocade Virtual ADX router
VE address if this interface is used for source-NAT as that would break the SLB traffic flow. Refer to
the following examples.
