Advanced settings: firewall path dialog box, Advanced options, Permitesttcp – Compatible Systems 5.4 User Manual

134

Chapter 8 - IntraGuard Firewall Configuration

Advanced Settings: Firewall Path Dialog Box

Advanced Settings: Firewall Path Dialog Box

To access this dialog box, select FirewallPath/Settings from the Device View,
then click on the Advanced button.

Advanced Options

These settings allow detailed control of how certain packet types and sessions
will be handled on the path.

PermitEstTCP

This checkbox sets whether the path will permit TCP sessions for which the
IntraGuard did not see the SYN flag. The SYN flag is included in the header
of the first couple of TCP packets and indicates that a session is being estab-
lished. When checked, this allows established connections to continue after
rebooting the device, but it is also a less secure option. The default is
unchecked.

ResetRedirects

This checkbox sets whether the device will terminate sessions on a firewall
path where ICMP redirects have been sent. ICMP redirects are generated
when a device cannot route a packet correctly on its own. The effect can be
that three firewall path sessions will be created to route the packet correctly,
two of which will not be needed after the first packet gets delivered. The
default is unchecked.

SendTCPReset

This checkbox sets whether the device will send a TCP reset message to the
client when a TCP session has been rejected. The default is unchecked.