ZyXEL Communications Corporation NBG417N Manual De Usuario
Chapter 13 Firewall
User
’s Guide
145
Click Security > Firewall > Services. The screen appears as shown next.
Figure 75 Security > Firewall > Services l
The following table describes the labels in this screen.
Table 51 Security > Firewall > Services
LABEL
DESCRIPTION
ICMP
Internet Control Message Protocol is a message control and error-
reporting protocol between a host server and a gateway to the Internet.
ICMP uses Internet Protocol (IP) datagrams, but the messages are
processed by the TCP/IP software and directly apparent to the
application user.
reporting protocol between a host server and a gateway to the Internet.
ICMP uses Internet Protocol (IP) datagrams, but the messages are
processed by the TCP/IP software and directly apparent to the
application user.
Respond to Ping
on
on
The NBG4115 will not respond to any incoming Ping requests when
Disable is selected. Select LAN to reply to incoming LAN Ping requests.
Select WAN to reply to incoming WAN Ping requests. Otherwise select
LAN & WAN to reply to all incoming LAN and WAN Ping requests.
Disable is selected. Select LAN to reply to incoming LAN Ping requests.
Select WAN to reply to incoming WAN Ping requests. Otherwise select
LAN & WAN to reply to all incoming LAN and WAN Ping requests.
Do not respond
to requests for
unauthorized
services
unauthorized
services
Select this option to prevent hackers from finding the NBG4115 by
probing for unused ports. If you select this option, the NBG4115 will not
respond to port request(s) for unused ports, thus leaving the unused
ports and the NBG4115 unseen. By default this option is not selected
and the NBG4115 will reply with an ICMP Port Unreachable packet for a
port probe on its unused UDP ports, and a TCP Reset packet for a port
probe on its unused TCP ports.
respond to port request(s) for unused ports, thus leaving the unused
ports and the NBG4115 unseen. By default this option is not selected
and the NBG4115 will reply with an ICMP Port Unreachable packet for a
port probe on its unused UDP ports, and a TCP Reset packet for a port
probe on its unused TCP ports.
Note that the probing packets must first traverse the NBG4115's firewall
mechanism before reaching this anti-probing mechanism. Therefore if
the firewall mechanism blocks a probing packet, the NBG4115 reacts
based on the firewall policy, which by default, is to send a TCP reset
packet for a blocked TCP packet. You can use the command "sys firewall
mechanism before reaching this anti-probing mechanism. Therefore if
the firewall mechanism blocks a probing packet, the NBG4115 reacts
based on the firewall policy, which by default, is to send a TCP reset
packet for a blocked TCP packet. You can use the command "sys firewall
tcprst rst [on|off]" to change this policy. When the firewall mechanism
blocks a UDP packet, it drops the packet without sending a response
packet.
blocks a UDP packet, it drops the packet without sending a response
packet.
Apply
Click Apply to save the settings.
Reset
Click Reset to start configuring this screen again.
om
pan
y
on
fiden
tial