4 defining forwarding database – Fortinet 548B User Manual

Page 635

Advertising
background image

- 635 -

SMAC=DMAC - Enable or disable this option by selecting the corresponding line on the pulldown
entry field. Enabling SMAC=DMAC DoS prevention causes the switch to drop packets that have a
source MAC address equal to the destination MAC address. The factory default is disabled.

TCP FIN&URG&PSH - Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling TCP FIN & URG & PSH DoS prevention causes the switch to drop
packets that have TCP Flags FIN, URG, and PSH set and TCP Sequence Number=0. The factory
default is disabled.

TCP Flag&Sequence - Enable or disable this option by selecting the corresponding line on the
pulldown entry field. Enabling TCP Flag DoS prevention causes the switch to drop packets that have
TCP control flags set to 0 and TCP sequence number set to 0. The factory default is disabled.

TCP SYN - Enable or disable this option by selecting the corresponding line on the pulldown entry
field. Enabling TCP SYN DoS prevention causes the switch to drop packets that have TCP Flags
SYN set. The factory default is disabled.

TCP SYN&FIN - Enable or disable this option by selecting the corresponding line on the pulldown
entry field. Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets that have
TCP Flags SYN and FIN set. The factory default is disabled.

First Fragment - Enable or disable this option by selecting the corresponding line on the pulldown
entry field. Enabling First Fragment DoS prevention causes the switch to drop packets that have a
More fragment equal to 1 and coorperate with other DoS options. The factory default is disabled.

TCP Offset - Enable or disable this option by selecting the corresponding line on the pulldown entry
field. Enabling TCP Offset DoS prevention causes the switch to drop packets that have a TCP
header Offset=1. The factory default is disabled.

Configurable Data

Min TCP Hdr Size - Specify the Min TCP Hdr Size allowed. If First Fragment DoS prevention is
enabled, the switch will drop packets that have a TCP header smaller then this configured Min TCP
Hdr Size. The factory default value is 20.

Max ICMPv4 Pkt Size - Specify the Max ICMPv4 Pkt Size allowed. If ICMP DoS prevention is
enabled, the switch will drop IPv4 ICMP ping packets that have a size greater then this configured
Max ICMP Pkt Size. The factory default value is 512.

Max ICMPv6 Pkt Size - Specify the Max IPv6 ICMP Pkt Size allowed. If ICMP DoS prevention is
enabled, the switch will drop IPv6 ICMP ping packets that have a size greater then this configured
Max ICMP Pkt Size. The factory default value is 512.

Command Buttons

Submit - Update the switch with the values on the screen. If you want the switch to retain the new
values across a power cycle you must perform a save.

11.2.4

Defining Forwarding Database

11.2.4.1 Configuring MAC Table aging interval time Page

Use this panel to set the Address Ageing Timeout for the forwarding database.

Advertising
Popular Brands
Popular manuals