Use this page to turn on or off advanced network and traffic auditing features.
Procedure
- On the NETWORK menu, under the Settings submenu, click Advanced.
- Under the Networking features section:
- To Block and ignore certain types of traffic, select the options that apply:
- To prevent the Smoothwall from responding to ping broadcast messages from all network zones, including external zones, select the ICMP ping broadcast option.
- To block all ICMP ping requests going to the Smoothwall, select the ICMP timestamps option.
- To block all ICMP time stamp requests going to the Smoothwall, select the IGMP packets option.
- To block all multicast traffic on address 224.0.0.0 from ISPs and prevent them from generating large volumes of spurious log entries, select the Multicast traffic option.
- To discard packets used in SYN+FIN scans automatically, select the SYN+FIN packets option.
- To Enable advanced networking features, select the options that apply:
- To defend against SYN flood attacks, turn on SYN cookies by selecting the SYN cookies option.
- To improve TCP performance in high speed links, turn on TCP timestamps by selecting the TCP timestamps option.
- To improve TCP performance in links where packet loss is high, turn on selective ACKs (acknowledgments) by selecting the Selective ACKs option.
- To improve TCP performance in high speed links, turn on TCP window scaling by selecting the Window scaling option.
- To avoid network congestion, turn on Explicit Congestion Notification by selecting the ECN option.
- To filter out ARP flux, turn on the Address Resolution Protocol filter by selecting the ARP filter option.
- If the number of directly connected devices, or IP addresses, is more than the value shown for the ARP table size, select a larger maximum number of remembered hosts from the list.
The ARP table size sets the maximum number of hosts the ARP table remembers. Directly connected devices are those not behind an intermediate router but instead attached directly to one of the network interfaces of the Smoothwall Filter and Firewall. Typically, the default value of 2048 is adequate, but in very big networks, select a bigger value. Valid table sizes are:
- 1024
- 2048
- 4096
- 8192
- 16384
- If clients are unable to open new connections under a heavy load, enter an increased value for the Connection tracking table size. This is the maximum number of connections to track; increase it if the default is insufficient. During operation, the table is scaled automatically to an appropriate size within the specified limit, according to the number of active connections and their collective memory demands. The connection tracking table stores information about every connection known to the system, including NAT-ed sessions and traffic passing through the Smoothwall Firewall.
- If you have connection issues on a busy system, from the SYN backlog queue size list, select a larger value than the default 8192.
- If you are experiencing issues with your traffic, you can turn on auditing to analyze traffic:
WARNING: Traffic auditing generates large amounts of data. Before selecting to turn any of these options on, you must make sure that your Smoothwall Firewall has enough disk space.
- To log all new connections to all interfaces destined for the Smoothwall Firewall, select the Direct incoming traffic option.
- To log all new connections passing through one interface to another, select the Forwarded traffic option.
- To log all new connections from any interface, select the Direct outgoing traffic option.
To view the logs from the audits, see our help topic, Reviewing and exporting the Smoothwall Firewall logs.
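The three audit categories above correspond to the IN= and OUT= interface fields of the netfilter LOG lines that an iptables-based firewall writes to the kernel log. The following added example (not Smoothwall's own code) classifies constructed sample lines that way and also flags packets carrying both SYN and FIN, the combination the SYN+FIN packets option discards; the log layout, interface names and addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format that iptables-based
# firewalls (the Smoothwall included) write to the kernel log; not real traffic.
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0
kernel: IN= OUT=eth0 SRC=192.0.2.1 DST=198.51.100.20 PROTO=UDP SPT=40000 DPT=53
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=23 SYN FIN URGP=0
kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "FIN", "ACK", "RST", "PSH", "URG"}

def classify(rec):
    """Map the IN/OUT interface fields onto the three audit categories."""
    if rec.get("IN") and not rec.get("OUT"):
        return "direct incoming"   # arrived on an interface, addressed to the firewall
    if rec.get("IN") and rec.get("OUT"):
        return "forwarded"         # passed from one interface to another
    if rec.get("OUT"):
        return "direct outgoing"   # originated by the firewall itself
    return "unknown"

def parse_line(line):
    """Split one LOG line into its KEY=VALUE fields plus the bare TCP flag tokens."""
    rec = dict(FIELD_RE.findall(line))
    rec["flags"] = {tok for tok in line.split() if tok in TCP_FLAGS}
    rec["direction"] = classify(rec)
    return rec

def audit(log_text):
    """Return per-direction counts and every SYN+FIN packet seen."""
    counts = Counter()
    syn_fin = []
    for line in log_text.splitlines():
        if "IN=" not in line:      # not a netfilter LOG line
            continue
        rec = parse_line(line)
        counts[rec["direction"]] += 1
        if {"SYN", "FIN"} <= rec["flags"]:
            syn_fin.append((rec.get("SRC"), rec.get("DST"), rec.get("DPT")))
    return counts, syn_fin

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```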
- To allow specified traffic to pass through the Smoothwall Firewall correctly, turn on the Network application helpers for the protocol that you use:
- To access IP information embedded within File Transfer Protocol (FTP) traffic, turn on the FTP helper by selecting the FTP option.
- For use in voice over IP (VoIP) applications, turn on the H.323 helper by selecting the H.323 option. You can also receive incoming H.323 calls using a port forward on the H.323 port. This option is turned off by default because of a theoretical security risk associated with H.323 pass-through. We recommend that you only enable this feature if you want VoIP functionality.
- To allow Internet Relay Chat (IRC) traffic, turn on the IRC helper by selecting the IRC option.
- To allow Point-to-Point Tunneling Protocol (PPTP) client traffic, turn on the PPTP helper by selecting the Advanced PPTP client support option. Difficulties can occur if multiple clients on the local network want to connect to the same PPTP server on the Internet. In this case, this application helper should be used. When enabled, you can't forward PPTP traffic. For this reason, this option isn't selected by default.
- To access IP information embedded within Session Initiation Protocol (SIP) traffic, turn on the SIP helper by selecting the SIP option.
- To manage Bad external traffic:
- To notify the sender when bad external traffic is rejected, from the list, select "Reject".
- To silently drop bad external traffic, so that your Smoothwall Firewall is stealthed and port scans become much harder to do, from the list, select "Drop".
- To log network packets with an invalid connection tracking state, select the Log invalid connection tracking packets Enabled option.
- Click Save changes.