Справочник Пользователя для SonicWALL 5.8.1
Firewall Settings > Flood Protection
736
SonicOS 5.8.1 Administrator Guide
TCP Settings
The TCP Settings section allows you to:
•
Enforce strict TCP compliance with RFC 793 and RFC 1122 – Select to ensure strict
compliance with several TCP timeout rules. This setting maximizes TCP security, but it may
cause problems with the Window Scaling feature for Windows Vista users.
compliance with several TCP timeout rules. This setting maximizes TCP security, but it may
cause problems with the Window Scaling feature for Windows Vista users.
•
Enable TCP handshake enforcement – Require a successful three-way TCP handshake
for all TCP connections.
for all TCP connections.
•
Enable TCP checksum enforcement – If an invalid TCP checksum is calculated, the
packet will be dropped.
packet will be dropped.
•
Default TCP Connection Timeout – The default time assigned to Access Rules for TCP
traffic. If a TCP session is active for a period in excess of this setting, the TCP connection
will be cleared by the SonicWALL. The default value is 5 minutes, the minimum value is 1
minute, and the maximum value is 999 minutes. Note: Setting excessively long connection
time-outs will slow the reclamation of stale resources, and in extreme cases could lead to
exhaustion of the connection cache.
traffic. If a TCP session is active for a period in excess of this setting, the TCP connection
will be cleared by the SonicWALL. The default value is 5 minutes, the minimum value is 1
minute, and the maximum value is 999 minutes. Note: Setting excessively long connection
time-outs will slow the reclamation of stale resources, and in extreme cases could lead to
exhaustion of the connection cache.
•
Maximum Segment Lifetime (seconds) – Determines the number of seconds that any
TCP packet is valid before it expires. This setting is also used to determine the amount of
time (calculated as twice the Maximum Segment Lifetime, or 2MSL) that an actively closed
TCP connection remains in the TIME_WAIT state to ensure that the proper FIN / ACK
exchange has occurred to cleanly close the TCP connection.
TCP packet is valid before it expires. This setting is also used to determine the amount of
time (calculated as twice the Maximum Segment Lifetime, or 2MSL) that an actively closed
TCP connection remains in the TIME_WAIT state to ensure that the proper FIN / ACK
exchange has occurred to cleanly close the TCP connection.
–
Default value: 8 seconds
–
Minimum value: 1 second