User Guide for SonicWALL 5.8.1

Firewall Settings > Advanced
SonicOS 5.8.1 Administrator Guide
The Firewall Settings > Advanced page includes the following firewall configuration option groups:
  •
  •
  •
  •
  •
  •
  •
  •
Detection Prevention
  • Enable Stealth Mode - By default, the security appliance responds to incoming connection requests as either “blocked” or “open.” If you enable Stealth Mode, your security appliance does not respond to blocked inbound connection requests. Stealth Mode makes your security appliance essentially invisible to hackers.
  • Randomize IP ID - Select Randomize IP ID to prevent hackers using various detection tools from detecting the presence of a security appliance. IP packets are given random IP IDs, which makes it more difficult for hackers to “fingerprint” the security appliance.
  • Decrement IP TTL for forwarded traffic - Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. Select this option to decrease the TTL value for packets that have been forwarded and therefore have already been in the network for some time.
    – Never generate ICMP Time-Exceeded packets - The SonicWALL appliance generates Time-Exceeded packets to report when it has dropped a packet because its TTL value has decreased to zero. Select this option if you do not want the SonicWALL appliance to generate these reporting packets.
Dynamic Ports
  • Enable FTP Transformations for TCP port(s) in Service Object – FTP operates on TCP ports 20 and 21, where port 21 is the Control Port and port 20 is the Data Port. However, when using non-standard ports (e.g., 2020, 2121), SonicWALL drops the packets by default because it is not able to identify them as FTP traffic. The Enable FTP Transformations for TCP port(s) in Service Object option allows you to select a Service Object to specify a custom control port for FTP traffic.
    To illustrate how this feature works, consider the following example of an FTP server behind the SonicWALL listening on port 2121:
    a. On the Network > Address Objects page, create an Address Object for the private IP address of the FTP server with the following values:
      • Name: FTP Server Private
      • Zone: LAN
      • Type: Host
      • IP Address: 192.168.168.2
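
Why the control port matters for the FTP option described above, shown as an added example that is not part of the SonicOS guide and is not SonicOS code: FTP negotiates its data port inside the control channel, so a firewall can only learn that port on a control connection it recognizes as FTP. The function names, the constructed session lines and the public address 203.0.113.10 are assumptions; the sketch models generic stateful FTP inspection.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in an RFC 959 PORT command or 227 (PASV) reply
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def _negotiation(line):
    """Return (match, ip, port) for a PORT command or 227 reply, else None."""
    if not (line[:5].upper() == "PORT " or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line, 4)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: do not act on it
    return m, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def pinholes(control_port, lines, ftp_control_ports=frozenset({21})):
    """Data endpoints learned from a control channel the firewall treats as FTP."""
    if control_port not in ftp_control_ports:
        return []  # not recognized as FTP, so no dynamic data port is learned
    found = [_negotiation(l) for l in lines]
    return [(ip, port) for _, ip, port in filter(None, found)]


def rewrite_for_nat(line, private_ip, public_ip):
    """Replace a private address embedded in the payload with the public one."""
    hit = _negotiation(line)
    if hit is None or hit[1] != private_ip:
        return line
    m = hit[0]
    return line[:m.start(1)] + public_ip.replace(".", ",") + line[m.end(4):]


# Constructed control-channel lines for the server 192.168.168.2 on port 2121
SESSION = ["USER demo", "331 Password required", "PASV",
           "227 Entering Passive Mode (192,168,168,2,195,80)"]

if __name__ == "__main__":
    print(pinholes(2121, SESSION))                        # only port 21 is FTP
    print(pinholes(2121, SESSION, frozenset({21, 2121})))  # 2121 added as control port
    print(rewrite_for_nat(SESSION[-1], "192.168.168.2", "203.0.113.10"))
```

With only port 21 treated as FTP, the 227 reply on port 2121 is never parsed and the negotiated data port stays unknown, which matches the default drop the guide describes. A real inspection engine must also track the payload length change caused by the rewrite; the sketch leaves that out.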