SMC Networks Barricade SMC7404BRA EU User Manual
Page 68
F
IREWALL
4-43
Stateful Packet
Inspection
This option allows you to select different
application types that are using dynamic port
numbers. If you wish to use Stateful Packet
Inspection (SPI) for blocking packets, click on
the “Yes” radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then
check the inspection type that you need, such as
Packet Fragmentation, TCP Connection, UDP
Session, FTP Service, H.323 Service, and TFTP
Service.
It is called a “stateful” packet inspection because
it examines the contents of the packet to
determine what the state of the communication
is, i.e. it ensures that the stated destination
computer has previously requested the current
communication. This is a way of ensuring that all
communications are initiated by the recipient
computer and are taking place only with sources
that are known and trusted from previous
interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection
firewalls also close off ports until connection to
the specific port is requested.
When particular types of traffic are checked, only
the particular type of traffic initiated from the
Internal LAN will be allowed. For example, if the
user only checks “FTP Service” in the Stateful
Packet Inspection section, all incoming traffic
will be blocked except FTP connections initiated
from the local LAN.
Hacker Prevention
Feature
Discard Ping
from WAN
Discard
Prevents a PING on the Gateway’s WAN port
from being routed to the network.
Parameter
Defaults
Description