4.7.3 Protected Ports. Advantech EKI-7710G-2CI, EKI-7710E-2C, EKI-7710G-2CPI, EKI-7710G-2CP
Add to My manuals156 Pages
advertisement
4.7.3
Protected Ports
The Protected Port page allows you to configure a single or multiple ports as a protected or unprotected type.
To access this page, click
Security
>
Protected Ports
.
Figure 4.58 Security > Protected Ports
The following table describes the items in the previous figure.
Item Description
Port List
Port Type
Apply
Enter the port number to designate for the Protected Port setting.
Select
Unprotected
or
Protected
to define the port type.
Click
Apply
to save the values and update the screen.
The ensuing table for
Protected Ports Status
settings are informational only: Protected Ports and Unprotected Ports.
4.7.4
DoS Prevention
The DoS Prevention page allows you to setup (enabled or disabled) the denial of service.
4.7.4.1
DoS Global Settings
The DoS Global Settings page allows you to configure (enabled or disabled) the setting for each function.
74 EKI-7710 Series User Manual
To access this page, click
Security
>
DoS Prevention
>
DoS Global Settings
.
Figure 4.59 Security > DoS Prevention > DoS Global Settings
The following table describes the items in the previous figure.
Item
DMAC = SMAC
LAND
UDP Blat
TCP Blat
POD
Description
Click
Enabled
or
Disabled
to define DMAC-SMAC for the DoS Global settings.
Click
Enabled
or
Disabled
to define LAND for the DoS Global settings.
Click
Enabled
or
Disabled
to define UDP Blat for the DoS Global settings.
Click
Enabled
or
Disabled
to define TCP Blat for the DoS Global settings.
Click
Enabled
or
Disabled
to define POD for the DoS Global settings.
EKI-7710 Series User Manual 75
Item Description
IPv6 Min Fragment Click
Enabled
or
Disabled
to define minimum fragment size for the
IPv6 protocol.
Enter the variable in bytes (0 to 65535) to set the minimum fragment size when the function is enabled.
ICMP Fragments Click
Enabled
or
Disabled
to define the ICMP Fragments function.
IPv4 Ping Max Size Click
Enabled
or
Disabled
to set the maximum ping size for the IPv4 protocol.
IPv6 Ping Max Size Click
Enabled
or
Disabled
to set a maximum ping size for the IPv6 protocol.
Ping Max Size Setting
Enter the variable in bytes (0 to 65535) to set the maximum ping size.
Smurf Attack
TCP Min Hdr Size
Click
Enabled
or
Disabled
to set the Smurf Attack function.
Click
Enabled
or
Disabled
to set the minimum header size.
Enter the variable in bytes (0 to 31) to set the minimum header size.
TCP-SYN (SPORT <
1024)
Null Scan Attack
Click
Enabled
or
Disabled
to set the TCP synchronization function
(sport < 1021).
Click
Enabled
or
Disabled
to set the Null Scan Attack function.
X-Mas Scan Attack Click
Enabled
or
Disabled
to set the X-Mas Scan function.
TCP SYN-FIN Attack Click
Enabled
or
Disabled
to set the TCP synchronization termination attack function.
TCP SYN-RST
Attack
TCP Fragment (Offset = 1)
Apply
Click
Enabled
or
Disabled
to set the TCP synchronization reset attack function.
Click
Enabled
or
Disabled
to set the TCP fragment function (offset
=1).
Click
Apply
to save the values and update the screen.
The ensuing table for
DoS Global Information
settings are informational only:
DMAC = SMAC, Land Attack, UDP Blat, TCP Blat, POD (Ping of Death), IPv6 Min
Fragment Size, ICMP Fragment Packets, IPv4 Ping Max Packet Size, IPv6 Ping Max
Packet Size, Smurf Attack, TCP Min Header Length, TCP Syn (SPORT < 1024), Null
Scan Attack, X-Mas Scan Attack, TCP SYN-FIN Attack, TCP SYN-RST Attack and
TCP Fragment (Offset = 1).
4.7.4.2
DoS Port Settings
The DoS Port Settings page allow you to configure DoS security (enabled or disabled) for the selected port.
To access this page, click
Security
>
DoS Prevention
>
DoS Port Settings
.
Figure 4.60 Security > DoS Prevention > DoS Port Settings
The following table describes the items in the previous figure.
Item
Port
Description
Select the port to configure for the DoS prevention function.
76 EKI-7710 Series User Manual
advertisement