Firewall settings dialog box, Syn timer, Fin timer – Compatible Systems 5.4 User Manual

146

Chapter 8 - IntraGuard Firewall Configuration

Firewall Settings Dialog Box

Firewall Settings Dialog Box

To access this dialog box, select Global/Firewall Settings from the Device
View. The dialog box Firewall Settings appears on the Main Screen.

This dialog box is used to set global timers for the firewall.

SYN Timer

This field sets the number of seconds the firewall will wait without receiving
a response to a SYN TCP packet before clearing a TCP session. The SYN flag
is included in the header of the first couple of TCP packets and indicate that
a session is being established. If the SYN Timer is set too low, half-open
sessions may accumulate. If the SYN Timer is set too high, there may not be
enough time to complete the handshake and establish a session. Values may
range from 0 to 120. The default is 20 seconds.

FIN Timer

This field sets the number of seconds the firewall will wait without receiving
a response to a FIN TCP packet before clearing a TCP session. TCP specifies
that for a session to be fully closed down, both ends of the connection must
send out a FIN packet. If the FIN Timer is too high, half-shut sessions may
accumulate. If the FIN Timer is too low, sessions may be shut down too
quickly. Values may range from 0 to 120. The default is 10 seconds.