Manage Smoothwall Appliance advanced network settings

You can use the Network > Settings > Advanced page to turn advanced network and traffic audit features on or off.

Block and ignore

When these checkboxes are selected, Smoothwall Appliance blocks and ignores traffic for:

• ICMP ping broadcast: On by default
• ICMP ping
• ICMP timestamps: On by default
• IGMP packets
• Multicast traffic
• SYN+FIN packets

Enable

When these checkboxes are selected, these features are on:

• SYN cookies
• TCP timestamps: On by default
• Selective ACKs: On by default
• Window scaling: On by default
• ECN
• ARP filter

Arp table size

The default table size is 16348; you can edit it to 1024, 2048, 4096, or 8192.

Connection tracking table size

The default table size is Auto (126301), or select the blank option and enter a custom value.

SYN backlog queue size

The default queue size is 65536; you can edit it to a lower value.

Audit

When the Audit checkboxes are selected, the Smoothwall Appliance logs all new connections to your Firewall logs, which can take up disk space. All are off by default.

• Direct incoming traffic: To all interfaces for traffic destined for the Smoothwall Firewall.
• Forwarded traffic: Passing through one interface to another.
• Direct outgoing traffic: Outgoing from any interface.

Network application helpers

Network application helpers (sometimes called Application Layer Gateways) can help help support specific types of traffic through your network. All helpers off by default:

• FTP
• H.323
• IRC
• Advanced PPTP client support
• SIP

Bad external traffic

This setting determines how the Smoothwall Appliance deals with traffic that doesn’t match a Port forwards rule.

• Drop: Silently discards the traffic. This is the default setting.
• Reject: Rejects the traffic and notifies the sender that the traffic was rejected.

Log invalid connection tracking packets

To log network packets with an invalid connection tracking state, select the Enabled checkbox. This setting is off by default.