Use this page to turn on or off advanced network and traffic auditing features.
Navigation: NETWORK > Settings > Advanced.
|Block and ignore||ICMP ping broadcast||Prevents the Smoothwall from responding to ping broadcast messages from all network zones, including external zones. Internet Control Message Protocol (ICMP) ping broadcasts used to determine to determine the status of network devices. It can be used as a denial of service (DoS) attack.|
|ICMP ping||Blocks all ICMP ping requests going to the Smoothwall. This hides the Smoothwall from ICMP pings but can also make connectivity problems harder to diagnose.|
|ICMP timestamps||Blocks all ICMP time stamp requests going to the Smoothwall.|
|IGMP packets||Ignores all IGMP packets without generating log entries. Internet Group Management Protocol (IGMP) is used to establish multicast group membership. Typically, IGMP packets are harmless, and are most commonly observed when using cable modems to provide external connectivity.|
|Multicast traffic||Blocks all multicast traffic on address 220.127.116.11 from ISPs and prevents them from generating large volumes of log entries.|
|SYN+FIN packets||Discards packets used in SYN+FIN scans automatically. Typically, SYN and FIN scans generate large numbers of log entries.|
|Enable||SYN cookies||Defends against SYN flood attacks. The use of SYN cookies is a standard defense mechanism against a SYN flood attack, where many SYN packets (connection requests) are sent to a device as a DoS attack.|
|TCP timestamps||Turns on TCP timestamps to improve TCP performance in high speed links. (RFC1323)|
|Selective ACKs||Turns on selective ACKs (acknowledgments) to improve TCP performance in links where packet loss is high. (RFC2018)|
|Window scaling||Turns on TCP window scaling to improve TCP performance in high speed links.|
|ECN||Turns on Explicit Congestion Notification (ECN), a mechanism for avoiding network congestion. This feature is turned off by default because ECN needs communicating hosts to support it, and some routers are known to drop packets marked with the ECN bit.|
|ARP filter||Turns on the Address Resolution Protocol (ARP) filter. It filters out ARP flux.|
|ARP table size||
The maximum number of remembered hosts in the ARP table if the number of directly connected devices, or IP addresses, is more than the value shown in the list. Directly connected devices are those not behind an intermediate router but are instead, directly attached to one of the network interfaces of the Smoothwall Filter and Firewall. Typically, the default value of 2048 is adequate, but in very big networks, select a bigger value. Valid table sizes are:
|Connection tracking table size||The maximum number of connections to track. You can increase the size if the default is insufficient. During operation, the table is scaled automatically to an appropriate size within a specified limit, according to the number of active connections and their collective memory demands. Information about all connections known to the system is stored in the connection tracking table, including NAT-ed sessions, and traffic passing through the Smoothwall Firewall.|
|SYN backlog queue size||The maximum number of requests in a queue, waiting to be answered. Increasing the value might reduce connection problems for an extremely busy proxy service. 8192 is the default request queue size.|
Creates traffic logs to analyze incoming, outgoing, and forwarded traffic. View traffic audit logs from the Firewall page.
WARNING: Typically, traffic auditing generates large amounts of data. You must make sure that there's enough disk space in the Smoothwall before turning this on.
|Direct incoming traffic||Logs all new connections to all interfaces that are destined for the Smoothwall Firewall.|
|Forwarded traffic||Logs all new connections passing through one interface to another.|
|Direct outgoing traffic||Logs all new connections from any interface.|
|Network application helpers||Enables specified traffic to pass through the Smoothwall Firewall correctly. We recommend that you turn on the relevant network application helper if you use any of these protocols.|
|FTP||Ensures that File Transfer Protocol (FTP) active connection mode isn't affected by the Smoothwall Firewall.|
Indicates that pass-through of H.323 traffic can be used, a common protocol used in voice over IP (VoIP) applications. You can also receive incoming H.323 calls using a port forward on the H.323 port. This option is turned off by default because of a theoretical security risk associated with the use of H323 pass through. We recommend that you only enable this feature if you want VoIP functionality.
|IRC||Ensures that Internet Relay Chat (IRC) communication isn't adversely affected by the Smoothwall Firewall.|
|Advanced PPTP client support||Indicates that Point-to-Point Tunneling Protocol (PPTP) client traffic can be used. This is the protocol used in standard Windows VPNs. When turned off, PPTP clients can still connect through to a server on the outside, but not in all circumstances. Difficulties can occur if multiple clients on the local network want to connect to the same PPTP server on the Internet. In this case, this application helper should be used. When enabled, you can't forward PPTP traffic. For this reason, this option isn't selected by default.|
|SIP||Ensures that Session Initiation Protocol (SIP) communications aren't adversely affected by the Smoothwall Firewall.|
|Bad external traffic||Discards bad external traffic and either notifies the sender (Reject) or not (Drop). Typically, bad external traffic is those network packets requesting services or ports not supported by the Smoothwall access page. The Smoothwall Firewall rejects this traffic and a "no one here" ICMP message is bounced back to the sender. All such traffic is logged to the Smoothwall Firewall log.|
|Log invalid connection tracking packets||Logs network packets with a connection tracking state of INVALID and rejected to the Smoothwall Firewall log. This can be for any number of reasons, including that the Smoothwall is not aware of the connection when it was started or it not seeing any packets from this connection for some time.|