Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Stateful Configurations<br />
IDF's Stateful Configuration mechanism analyzes each packet in the context of traffic history, correctness<br />
of TCP and IP header values, and TCP connection state transitions. In the case of stateless protocols like<br />
UDP and ICMP, a pseudo-stateful mechanism is implemented based on historical traffic analysis. Packets<br />
are handled by the stateful mechanism as follows:<br />
1. A packet is passed to the stateful routine if it has been allowed through by the static <strong>Firewall</strong> Rule<br />
conditions,<br />
2. The packet is examined to determine whether it belongs to an existing connection by checking a<br />
connection table created by the stateful mechanism for matching end points, and<br />
3. The TCP header is examined for correctness (e.g. sequence numbers, flag combinations, etc.).<br />
Stateful Configuration icons:<br />
Normal Stateful Configurations<br />
The Stateful Configuration screen lets you define multiple stateful inspection configurations which you<br />
can then include in your Security Profiles. From the toolbar or shortcut menu you can:<br />
Create New ( New) Stateful Configurations from scratch<br />
Import ( ) Stateful Configuration from an XML file<br />
Examine or modify the Properties ( ) of an existing Stateful Configuration<br />
Duplicate ( ) (and then modify) existing Stateful Configurations<br />
Delete a Stateful Configuration ( )<br />
Export ( ) one or more Stateful Configurations to an XML file. (Either export them all by click<br />
the Export... button, or choose from the drop-down list to export only those that are selected or<br />
displayed)<br />
Clicking New ( New) or Properties ( ) displays the Stateful Configuration properties window.<br />
Stateful Configuration Properties<br />
General Information<br />
Name: The name of the Stateful Configuration.<br />
Description: Type a description of the Stateful Configuration. This description will only appear<br />
here.<br />
IP Packet Inspection<br />
Deny all incoming fragmented packets: If this option is enabled, all fragmented packets are<br />
dropped with the following log entry: "IP fragmented packet". The one exception to this rule is<br />
the presence of packets with a total length smaller than the IP header length. Such packets are<br />
dropped silently.<br />
Attackers sometimes create and send fragmented packets in an attempt to bypass <strong>Firewall</strong> Rules.<br />
© Copyright 2010 <strong>Trend</strong> <strong>Micro</strong> Inc. www.trendmicro.com<br />
All rights reserved. - 34 -