Amer Networks E5 CLI User Manual

IP6OPT_RA

Validate Router Alert packets. (Default: Ignore)

IP6OPT_HA

Validate Home Address option packets. (Default:
Ignore)

IP6OPT_OTH

Validate

unknown

option

types.

(Default:

RFC2460Log)

IP6_RH0

Validate routing header type 0 option. (Default:
RFC5095NoSupportLog)

IP6_RH2

Validate routing header type 2 option. (Default:
RFC2460NoSupportLog)

IP6_RHOther

Validate routing header other than type 0 or 2
option. (Default: RFC2460NoSupportLog)

IP6OnLocalUnrecognizedHdr

How to handle packets destined to the SGW with
unrecognized IPV6 headers. (Default: DropLog)

LogCheckSumErrors

Log IP packets with bad checksums. (Default: Yes)

LogNonIPv4IPv6

Log occurrences of non-IPv4/IPv6 packets. (Default:
Yes)

LogReceivedTTL0

Log received packets with TTL=0; this should never
happen! (Default: Yes)

Log0000Src

Log invalid 0.0.0.0 source address. (Default: Drop)

Block0Net

Block 0.* source addresses. (Default: DropLog)

Block127Net

Block 127.* source addresses. (Default: DropLog)

BlockMulticastSrc

Block

multicast

source

addresses

(224.0.0.0--239.255.255.255). (Default: DropLog)

TTLMin

The minimum IP Time-To-Live value accepted on
receipt. (Default: 3)

TTLOnLow

What action to take on too low unicast TTL values.
(Default: DropLog)

TTLMinMulticast

The minimum IP multicast Time-To-Live value
accepted on receipt. (Default: 3)

TTLOnLowMulticast

What action to take on too low multicast TTL
values. (Default: DropLog)

DefaultTTL

The default IP Time-To-Live of packets originated
by the security gateway (32-255). (Default: 255)

LayerSizeConsistency

TCP/UDP/ICMP/etc layer data and header sizes
matching lower layer size information. (Default:
ValidateLogBad)

SecuRemoteUDPEncapCompat

Allow IP data to contain eight bytes more than the
UDP total length field specifies -- Checkpoint
SecuRemote violates NAT-T drafts. (Default: No)

IPOptionSizes

Validity of IP header option sizes. (Default:
ValidateLogBad)

Chapter 3: Configuration Reference

189