Dell PowerConnect W-Series ArubaOS 6.1 CLI Reference Guide | show firewall
The output of this command includes the following information:
| Parameter | Description |
| --- | --- |
| Enforce TCP handshake before allowing data | If enabled, this feature prevents data from passing between two clients until the three-way TCP handshake has been performed. This option should be disabled when you have mobile clients on the network, as enabling this option will cause mobility to fail. You can enable this option if there are no mobile clients on the network. |
| Prohibit RST replay attack | If enabled, this setting closes a TCP connection in both directions if a TCP RST is received from either direction. |
| Deny all IP Fragments | If enabled, all IP fragments are dropped. |
| Prohibit IP Spoofing | When this option is enabled, source and destination IP and MAC addresses are checked; possible IP spoofing attacks are logged and an SNMP trap is sent. |
| Monitor ping attack | If enabled, the controller monitors the number of ICMP pings per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack. |
| Monitor TCP SYN attack | If enabled, the controller monitors the number of TCP SYN messages per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack. |
| Monitor IP sessions attack | If enabled, the controller monitors the number of TCP session requests per second. If this value exceeds the maximum configured rate, the controller will register a denial of service attack. |
| Deny inter user bridging | If enabled, this setting prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks, but this does not block Layer-2 traffic. |
| Log all received ICMP errors | Shows if the controller will log received ICMP errors. |
| Per-packet logging | If active, and logging is enabled for the corresponding session rule, this feature logs every packet. |
| Session mirror destination | Destination to which mirrored packets are sent. |
| Stateful SIP Processing | Shows if the controller has enabled or disabled monitoring of exchanges between a voice over IP or voice over WLAN device and a SIP server. This option should be enabled only when there is no VoIP or VoWLAN traffic on the network. |
| Allow tri-session with DNAT | Shows if the controller allows three-way sessions when performing destination NAT. |
| Disable FTP server | If active, this feature disables the FTP server on the controller. |
| GRE call id processing | If active, the controller creates a unique state for each PPTP tunnel. |
| Session Idle Timeout | Shows if a session idle timeout interval has been defined. |
| Broadcast-filter ARP | If enabled, this feature reduces the number of broadcast packets sent to VoIP clients, thereby improving the battery life of voice handsets. |
| WMM content enforcement | If traffic to or from the user is inconsistent with the associated QoS policy for voice, this feature reclassifies traffic to best effort and data path counters are incremented. |
| Session VOIP Timeout | If enabled, an idle session timeout is defined for sessions that are marked as voice sessions. |
| Stateful H.323 Processing | Shows if the controller has enabled or disabled stateful H.323 processing. |
| Stateful SCCP Processing | Shows if the controller has enabled or disabled stateful SCCP processing. |
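
An added example, not taken from the Dell/Aruba guide: a small Python audit that parses `show firewall` output and reports deviations from a site baseline, including the mobility caveat described above for Enforce TCP handshake. The sample output, its column layout, the rate value and the `BASELINE` values are constructed assumptions.

```python
import re

# Constructed sample; the two-or-more-space column layout is an assumption,
# not output copied from a controller.
SAMPLE = """\
Policy                                      Action    Rate
------                                      ------    ----
Enforce TCP handshake before allowing data  Enabled
Prohibit RST replay attack                  Disabled
Prohibit IP Spoofing                        Disabled
Monitor ping attack                         Enabled   4/sec
Monitor TCP SYN attack                      Disabled
Deny inter user bridging                    Disabled
"""

# Hypothetical site baseline (an assumption for illustration, not vendor guidance).
BASELINE = {
    "Prohibit IP Spoofing": "Enabled",
    "Monitor ping attack": "Enabled",
    "Monitor TCP SYN attack": "Enabled",
    "Deny inter user bridging": "Enabled",
}

def parse_show_firewall(text):
    """Return {policy: (action, rate_or_None)} from column-aligned output."""
    settings = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 2 or cols[0] == "Policy" or set(cols[0]) <= {"-"}:
            continue  # skip blank lines, the header row and the dashed rule
        settings[cols[0]] = (cols[1], cols[2] if len(cols) > 2 else None)
    return settings

def audit(settings, mobile_clients=True):
    """List deviations from BASELINE plus the mobility caveat the guide states."""
    findings = []
    for policy, want in BASELINE.items():
        got = settings.get(policy, ("missing", None))[0]
        if got != want:
            findings.append(f"{policy}: {got}, baseline expects {want}")
    handshake = settings.get("Enforce TCP handshake before allowing data")
    if mobile_clients and handshake and handshake[0] == "Enabled":
        findings.append("Enforce TCP handshake before allowing data: Enabled, "
                        "but mobile clients are present (mobility will fail)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show_firewall(SAMPLE)):
        print(finding)
```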