Configuring advanced network and traffic auditing parameters

Procedure

  1. On the NETWORK menu, under the Settings submenu, click Advanced.
  2. Under the Networking features section:
    • To Block and ignore certain types of traffic, select the options that apply:
      • To prevent the Smoothwall from responding to ping broadcast messages from all network zones, including external zones, select the ICMP ping broadcast option.
      • To block all ICMP ping requests going to the Smoothwall, select the ICMP timestamps option.
      • To block all ICMP timestamp requests going to the Smoothwall, select the IGMP packets option.
      • To block all multicast traffic on address 224.0.0.0 from ISPs, which would otherwise generate large volumes of spurious log entries, select the Multicast traffic option.
      • To discard packets used in SYN+FIN scans automatically, select the SYN+FIN packets option.
    • To Enable advanced networking features, select the options that apply:
      • To defend against SYN flood attacks, turn on SYN cookies by selecting the SYN cookies option.
      • To improve TCP performance on high-speed links, turn on TCP timestamps by selecting the TCP timestamps option.
      • To improve TCP performance in links where packet loss is high, turn on selective ACKs (acknowledgments) by selecting the Selective ACKs option.
      • To improve TCP performance on high-speed links, turn on TCP window scaling by selecting the Window scaling option.
      • To avoid network congestion, turn on Explicit Congestion Notification by selecting the ECN option.
      • To filter out ARP flux, turn on the Address Resolution Protocol filter by selecting the ARP filter option.
    • If the number of directly connected devices (IP addresses) is larger than the value shown for the ARP table size, select a larger maximum number of remembered hosts from the ARP table size list.
    • If clients are unable to open new connections under heavy load, enter a larger value for the Connection tracking table size.
    • If you have connection issues on a busy system, select a larger value from the SYN backlog queue size list.
    • If you are experiencing issues with your traffic, you can turn on auditing to analyze traffic:

      WARNING: Traffic auditing generates large amounts of data. Before selecting to turn any of these options on, you must make sure that your Smoothwall Firewall has enough disk space.

      • To log all new connections to all interfaces destined for the Smoothwall Firewall, select the Direct incoming traffic option.
      • To log all new connections passing through one interface to another, select the Forwarded traffic option.
      • To log all new connections from any interface, select the Direct outgoing traffic option.

      To view the logs from the audits, see our help topic, Reviewing and exporting the Smoothwall Firewall logs.

    • To allow specified traffic to pass through the Smoothwall Firewall correctly, turn on the Network application helpers for the protocol that you use:
      • To access IP information embedded within File Transfer Protocol (FTP) traffic, turn on the FTP helper by selecting the FTP option.
      • To allow the H.323 traffic used by voice over IP (VoIP) applications, turn on the H.323 helper by selecting the H.323 option.
      • To allow Internet Relay Chat (IRC) traffic, turn on the IRC helper by selecting the IRC option.
      • To allow Point-to-Point Tunneling Protocol (PPTP) client traffic, turn on the PPTP helper by selecting the Advanced PPTP client support option.
      • To access IP information embedded within Session Initiation Protocol (SIP) traffic, turn on the SIP helper by selecting the SIP option.
    • To manage Bad external traffic:
      • To notify the sender when bad external traffic is rejected, from the list, select "Reject".
      • To silently drop bad external traffic, which makes your Smoothwall Firewall stealthier and port scans much harder to carry out, from the list, select "Drop".
    • To log network packets with an invalid connection tracking state, select Enabled for the Log invalid connection tracking packets option.
  3. Click Save changes.
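As an added check, not part of Smoothwall's documentation or code, the script below compares the advanced networking features and table sizes chosen above with the kernel state on a Linux firewall after Save changes. It assumes the Smoothwall Firewall exposes these features through the standard Linux sysctl files; the option-to-sysctl mapping and the minimum table sizes are our own assumptions, not values taken from the product.

```shell
#!/bin/sh
# Added example, not Smoothwall code or documentation. Assumption: the
# Smoothwall Firewall is Linux-based and exposes the features configured on
# the Advanced page through the standard sysctl files, so the state can be
# cross-checked after "Save changes". The option-to-sysctl mapping and the
# minimum table sizes below are our own choices, not product values.

# One entry per line: <option label>|<path under root>|<expected>|<mode>
# mode "eq": value must equal <expected>; mode "min": must be at least it.
SETTINGS='SYN cookies|net/ipv4/tcp_syncookies|1|eq
TCP timestamps|net/ipv4/tcp_timestamps|1|eq
Selective ACKs|net/ipv4/tcp_sack|1|eq
Window scaling|net/ipv4/tcp_window_scaling|1|eq
ECN|net/ipv4/tcp_ecn|1|eq
ARP filter|net/ipv4/conf/all/arp_filter|1|eq
SYN backlog queue size|net/ipv4/tcp_max_syn_backlog|1024|min
Connection tracking table size|net/netfilter/nf_conntrack_max|65536|min'

# read_sysctl ROOT PATH: print the value, or "missing" if the file is absent.
read_sysctl() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo missing; fi
}

# judge LABEL EXPECTED MODE ACTUAL: print one "OK" or "FAIL" line.
judge() {
    label=$1; expected=$2; mode=$3; actual=$4
    case "$mode:$actual" in
        *:missing) echo "FAIL $label: setting not present" ;;
        eq:*)  [ "$actual" = "$expected" ] && echo "OK   $label" \
                   || echo "FAIL $label: is $actual, expected $expected" ;;
        min:*) [ "$actual" -ge "$expected" ] 2>/dev/null && echo "OK   $label" \
                   || echo "FAIL $label: is $actual, want at least $expected" ;;
    esac
}

# audit ROOT: print one result line per setting (default root: /proc/sys).
audit() {
    root=${1:-/proc/sys}
    printf '%s\n' "$SETTINGS" | while IFS='|' read -r label path expected mode; do
        judge "$label" "$expected" "$mode" "$(read_sysctl "$root" "$path")"
    done
}

# audit_failures ROOT: print how many settings failed; 0 means all match.
audit_failures() {
    audit "$1" | grep -c '^FAIL' || true
}

audit "${1:-/proc/sys}"
```

Run it with sh on the firewall (or point it at a copied sysctl tree); a FAIL line means the kernel state does not match the option you selected, or the setting is not exposed where this script assumes.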