Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
ESTABLISHED Timeout: How long to stay in the ESTABLISHED state before closing the connection.
ERROR Timeout: How long to maintain a connection in an Error state. (For UDP connections, the error can be caused by any of a variety of UDP problems. For TCP connections, the errors are probably due to packets being dropped by the firewall.)
DISCONNECT Timeout: How long to maintain idle connections before disconnecting.
CLOSE_WAIT Timeout: How long to stay in the CLOSE-WAIT state before closing the connection.
CLOSING Timeout: How long to stay in the CLOSING state before closing the connection.
LAST_ACK Timeout: How long to stay in the LAST-ACK state before closing the connection.
Boot Start Timeout: For gateway use. When a gateway is booted, there may already exist established connections passing through the gateway. This timeout defines the amount of time to allow non-SYN packets that could be part of a connection that was established before the gateway was booted to close.
Cold Start Timeout: Amount of time to allow non-SYN packets that could belong to a connection that was established before the stateful mechanism was started.
UDP Timeout: Maximum duration of a UDP connection.
ICMP Timeout: Maximum duration of an ICMP connection.
Allow Null IP: Allow or block packets with no source and/or destination IP address.
Block IPv6: Block or allow IPv6 packets. (DPI Filtering of IPv6 traffic is not supported. It can only be blocked or allowed.)
Connection Cleanup Timeout: Time between cleanup of closed connections (see next).
Maximum Connections per Cleanup: Maximum number of closed connections to clean up per periodic connection cleanup (see previous).
Block Same Src-Dest IP Address: Block or allow packets with same source and destination IP address. (Doesn't apply to loopback interface.)
Maximum TCP Connections: Maximum simultaneous TCP Connections.
Maximum UDP Connections: Maximum simultaneous UDP Connections.
Maximum ICMP Connections: Maximum simultaneous ICMP Connections.
Maximum Events per Second: Maximum number of events that can be written per second.
TCP MSS Limit: The MSS is the Maximum Segment Size (or largest amount of data) that can be sent in a TCP packet without being fragmented. This is usually established when two computers establish communication. However, on some occasions, the traffic goes through a router or switch that has a smaller MSS. In this case the MSS can change. This causes retransmission of the packets and the Client Plug-in logs them as "Dropped Retransmit". In cases where there are large numbers of Dropped Retransmit event entries, you may wish to lower this limit and see if the volume is reduced.
Number of Event Nodes: The maximum amount of kernel memory the driver will use to store log/event information for folding at any one time.
Event folding occurs when many Events of the same type occur in succession. In such cases, the Client Plug-in will "fold" all the events into one.
Ignore Status Code: This option lets you ignore certain types of Events. If, for example, you are getting a lot of "Invalid Flags" you can simply ignore all instances of that Event.
Ignore Status Code: Same as above.
Ignore Status Code: Same as above.
Advanced Logging Policy:
o Bypass: No filtering of Events. Overrides the "Ignore Status Code" settings (above) and other advanced settings, but does not override logging settings defined in the IDF Server Plug-in. For example, Stateful Configuration logging options set from a Stateful Configuration Properties window in the IDF Server Plug-in will not be affected.
o Default: Will switch to "Tap Mode" (below) if the engine is in Tap Mode, and will switch to "Normal" (above) if the engine is in Inline Mode.
o Normal: All Events are logged except dropped retransmits.
o Backwards Compatibility Mode: For Trend Micro support use only.
o Verbose Mode: Same as "Normal" but including dropped retransmits.
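How the Advanced Logging Policy, Ignore Status Code and event folding settings described above combine, as an added Python example that is not Trend Micro's code. The function names, the "Tap"/"Inline" mode strings, the filter-then-fold order and the rule that the ignore list applies under every policy except Bypass are assumptions made for the illustration.

```python
from itertools import groupby

# Policy names come from the guide. The function names, the engine mode
# strings and the sample stream are hypothetical, made up for this example.
DROPPED_RETRANSMIT = "Dropped Retransmit"

def effective_policy(policy, engine_mode):
    """Resolve "Default": Tap Mode engine -> "Tap Mode", Inline engine -> "Normal"."""
    if policy == "Default":
        return "Tap Mode" if engine_mode == "Tap" else "Normal"
    return policy

def is_logged(reason, policy, engine_mode, ignored):
    """Decide whether one event reaches the log under the given settings."""
    policy = effective_policy(policy, engine_mode)
    if policy == "Bypass":
        return True  # no filtering; overrides the Ignore Status Code settings
    if policy not in ("Normal", "Verbose Mode"):
        # "Tap Mode" and "Backwards Compatibility Mode" are not specified here.
        raise ValueError(f"policy not modelled: {policy}")
    if reason in ignored:  # assumption: applies to every policy except Bypass
        return False
    # Normal drops retransmit events; Verbose Mode keeps them.
    return policy == "Verbose Mode" or reason != DROPPED_RETRANSMIT

def fold(reasons):
    """Collapse each run of the same event type into one (reason, count) pair."""
    return [(reason, len(list(run))) for reason, run in groupby(reasons)]

def logged_view(reasons, policy, engine_mode="Inline", ignored=frozenset()):
    """Filter the stream, then fold what is left (assumed order)."""
    kept = [r for r in reasons if is_logged(r, policy, engine_mode, ignored)]
    return fold(kept)

# Constructed sample stream using the two event names the guide mentions.
SAMPLE = ["Invalid Flags"] * 2 + [DROPPED_RETRANSMIT] * 3 + ["Invalid Flags"]

if __name__ == "__main__":
    for policy in ("Bypass", "Default", "Normal", "Verbose Mode"):
        print(policy, logged_view(SAMPLE, policy, ignored={"Invalid Flags"}))
```

With "Invalid Flags" ignored, the Normal policy leaves nothing in the log for this stream, which is the visibility trade-off to weigh before suppressing an event type.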
© Copyright 2010 Trend Micro Inc. www.trendmicro.com All rights reserved.