Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

55-2

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 55 Configuring Security Policies on Firewall Devices

General Page

Configuring Floodguard, Anti-Spoofing and Fragment Settings

Use the General page under Platform > Security to enable or disable Floodguard (on a PIX 6.3 or FWSM

2.x device), to enable Unicast Reverse Path Forwarding (anti-spoofing) on individual interfaces, and to

configure IP fragment settings for the device, and for each interface of the device.

Floodguard

Floodguard lets you reclaim firewall resources if the user authentication subsystem runs out of resources.

If an inbound or outbound

uauth connection is being attacked or overused, the firewall will actively

reclaim TCP user resources.

If the user authentication subsystem is depleted, TCP user resources in different states are reclaimed in

the following order, depending on urgency:

1. Timewait

2. LastAck

3. FinWait

4. Embryonic

5. Idle

Floodguard is enabled by default. This option applies only to PIX 6.3 or FWSM 2.x devices.

Global Fragment Settings

Use these options to configure global fragment settings for the device. You can override these settings

for individual interfaces; see Add/Edit General Security Configuration Dialog Box, page 55-3 for more

information.

Enable Default Settings Check this box to enable the default fragment settings fields.

Size Specify the maximum number of fragments that can be in the IP

re-assembly database waiting for re-assembly. The default is 200.

Chain Specify the maximum number of fragments into which a full IP packet

can be fragmented. The default is 24 packets.

Timeout Specify the maximum number of seconds to wait for an entire

fragmented packet to arrive. The timer starts after the first fragment of

a packet arrives. If all fragments of the packet do not arrive by the

number of seconds specified, all fragments of the packet that were

already received will be discarded. The default is 5 seconds.

Interface Configuration Table

This table lists all interfaces on which individual anti-spoofing and fragment settings have been

defined. Refer to Configuring Floodguard, Anti-Spoofing and Fragment Settings, page 55-2 for more

information about these settings. Refer to Add/Edit General Security Configuration Dialog Box,

page 55-3 for more information about configuring these settings on individual interfaces.

Table 55-1 General Page (Continued)

Element Description

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems CL-28826-01 Security Camera User Manual