beautypg.com

SMC Networks Barricade SMC7404BRA EU User Manual

Page 68

background image

F

IREWALL

4-43

Stateful Packet

Inspection

This option allows you to select different

application types that are using dynamic port

numbers. If you wish to use Stateful Packet

Inspection (SPI) for blocking packets, click on

the “Yes” radio button in the “Enable SPI and

Anti-DoS firewall protection” field and then

check the inspection type that you need, such as

Packet Fragmentation, TCP Connection, UDP

Session, FTP Service, H.323 Service, and TFTP

Service.
It is called a “stateful” packet inspection because

it examines the contents of the packet to

determine what the state of the communication

is, i.e. it ensures that the stated destination

computer has previously requested the current

communication. This is a way of ensuring that all

communications are initiated by the recipient

computer and are taking place only with sources

that are known and trusted from previous

interactions. In addition to being more rigorous

in their inspection of packets, stateful inspection

firewalls also close off ports until connection to

the specific port is requested.
When particular types of traffic are checked, only

the particular type of traffic initiated from the

Internal LAN will be allowed. For example, if the

user only checks “FTP Service” in the Stateful

Packet Inspection section, all incoming traffic

will be blocked except FTP connections initiated

from the local LAN.

Hacker Prevention

Feature

Discard Ping

from WAN

Discard

Prevents a PING on the Gateway’s WAN port

from being routed to the network.

Parameter

Defaults

Description