Configuring the barricade™ router 66 – SMC Networks SMC7004ABR V.2 User Manual

Configuring the Barricade™ Router

66

Stateful Packet Inspection allows you to select different
application types that are using dynamic port numbers. If you
wish to use the Stateful Packet Inspection (SPI) to block
packets, click on the Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then check the
inspection type that you need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP Service, H.323 Service,
and TFTP Service.

•

When hackers attempt to enter your network, we can alert

you by e-mail – Enter your E-mail address. Specify your
SMTP and POP3 servers, user name, and password.

•

Connection Policy – Enter the appropriate values for TCP/

UDP sessions as described in the following table.

Parameter

Defaults

Description

Fragmentation
half-open wait

10 sec

Configures the number of seconds
that a packet state structure
remains active. When the timeout
value expires, the router drops the
unassembled packet, freeing that
structure for use by another packet.

TCP SYN wait

30 sec

Defines how long the software will
wait for a TCP session to
synchronize before dropping the
session.

TCP FIN wait

5 sec

Specifies how long a TCP session
will be maintained after the firewall
detects a FIN packet.

TCP connection
idle timeout

3600
seconds
(1 hour)

The length of time a TCP session
will be maintained if there is no
activity.

UDP session idle
timeout

30 sec

The length of time a UDP session
will maintained if there is no activity.

H.323 data
channel idle
timeout

180 sec

The length of time an H.323
session will be maintained if there
is no activity.