Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility Access Point System Reference Guide

541

53-1003100-01

8

16. Refer to the Firewall Enhanced Logging field to set the following parameters:

17. Select the Enable Stateful DHCP Checks radio button to enable the stateful checks of DHCP

packet traffic through the firewall. The default setting is enabled. When enabled, all DHCP
traffic flows are inspected.

18. Define Flow Timeout intervals for the following flow types impacting the firewall:

19. Refer to the TCP Protocol Checks field to set the following parameters:

SIP ALG

Select the Enable box to allow SIP traffic through the firewall using its default ports. This
feature is enabled by default.

SCCP ALG

Select the check box to allow SCCP traffic through the firewall using its default ports. This
feature is enabled by default. Signalling Connection Control Part (SCCP) is a network
protocol that provides routing, flow control and error correction in telecommunication
networks.

FaceTime ALG

Select the check box to allow Apple’s FaceTime video calling traffic through the firewall
using its default port. This feature is enabled by default.

Log Dropped ICMP Packets

Use the drop-down menu to define how dropped ICMP packets are logged. Logging can be
rate limited for one log instance every 20 seconds. Options include Rate Limited, All or
None. The default setting is None.

Log Dropped Malformed
Packets

Use the drop-down menu to define how dropped malformed packets are logged. Logging
can be rate limited for one log instance every 20 seconds. Options include Rate Limited,
All or None. The default setting is None.

Enable Verbose Logging

Select this option to enable verbose logging for dropped packets. This setting is disabled
by default.

TCP Close Wait

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 10 seconds.

TCP Established

Define a flow timeout value in either Seconds (15 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 90 minutes.

TCP Reset

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 10 seconds.

TCP Setup

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 10 seconds.

Stateless TCP Flow

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 90 seconds.

Stateless FIN/RESET Flow

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 10 seconds.

ICMP

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 30 seconds.

UDP

Define a flow timeout value in either Seconds (15 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 30 seconds.

Any Other Flow

Define a flow timeout value in either Seconds (1 - 32,400), Minutes (1 - 540) or
Hours (1 - 9). The default setting is 30 seconds.

Check TCP states where a
SYN packet tears down the
flow

Select the check box to allow a SYN packet to delete an old flow in TCP_FIN_FIN_STATE
and TCP_CLOSED_STATE and create a new flow. The default setting is enabled.