SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
Chapter 24: Configuring Advanced Access Rule Settings
Detection Prevention
• Enable Stealth Mode - By default, the security appliance answers every incoming connection
request, so a probe can tell whether a port is “blocked” (it receives a reset or an ICMP unreachable
message) or “open.” If you enable Stealth Mode, the appliance silently discards blocked inbound
connection requests and sends no reply at all, so a port scan sees those ports as filtered rather than
closed. Stealth Mode hides the appliance from casual scanning; ports that an access rule allows still
respond normally.
• Randomize IP ID - Select Randomize IP ID to make it harder for detection tools to identify the
security appliance. Many IP stacks fill the 16-bit Identification field of outgoing packets from a simple
counter, and fingerprinting tools compare the IP IDs of consecutive replies to recognize the stack
behind them. With this option enabled, the appliance assigns random IP IDs, so the sequence carries
no such “fingerprint.”
Dynamic Ports
• Enable support for Oracle (SQLNet) - Select if you have Oracle applications on your network.
• Enable support for Windows Messenger - Select this option to support the SIP messaging
used by Windows Messenger on Windows XP.
• Enable RTSP Transformations - Select this option to support on-demand delivery of real-time
data, such as audio and video. RTSP (Real Time Streaming Protocol) is an application-level
protocol for control over delivery of data with real-time properties.
Source Routed Packets
Drop Source Routed Packets is selected by default. A source-routed packet carries an IP option (Loose
or Strict Source and Record Route) that lets the sender dictate the path the packet and its replies
take, which can be used to bypass route-based filtering or to reach hosts behind the appliance from a
spoofed address. Clear the check box only if you are testing traffic between two specific hosts and
that test depends on source routing, and select it again when the test is finished.
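The following added example (not SonicWall code) shows the check a firewall performs to implement this option: it parses the IPv4 header's option list and drops any packet carrying a Loose (type 131) or Strict (type 137) Source and Record Route option, while a plain Record Route option (type 7) is left alone. The header builder and the sample packets exist only to construct test input and are not taken from the guide.

```python
"""Drop IPv4 packets that carry a source-route option.

Added example, not SonicWall code. A firewall implementing "Drop Source Routed
Packets" walks the IPv4 option list and rejects packets containing a Loose
(LSRR, type 131) or Strict (SSRR, type 137) Source and Record Route option.
The packet builder below exists only to construct test input.
"""
import socket
import struct

EOOL, NOP = 0, 1               # single-byte options: end of list, no-operation
RR, LSRR, SSRR = 7, 131, 137   # record route (harmless), loose and strict source route


def parse_ipv4_options(packet):
    """Return [(type, data)] for every multi-byte option in the IPv4 header.

    Raises ValueError for a header that is truncated, not IPv4, or whose
    option lengths do not fit; a firewall should drop such packets too.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i, found = packet[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == EOOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of range")
        found.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return found


def is_source_routed(packet):
    return any(kind in (LSRR, SSRR) for kind, _ in parse_ipv4_options(packet))


def filter_packet(packet, drop_source_routed=True):
    """Decide 'forward' or 'drop' for one packet, as the access-rule setting would."""
    try:
        source_routed = is_source_routed(packet)
    except ValueError:
        return "drop"          # malformed header: never forward
    if source_routed and drop_source_routed:
        return "drop"
    return "forward"


# --- constructed test data ---------------------------------------------------
def source_route_option(kind, hops):
    """Encode an LSRR/SSRR option: type, length, pointer (4 = first hop), hop list."""
    addrs = b"".join(socket.inet_aton(h) for h in hops)
    return bytes([kind, 3 + len(addrs), 4]) + addrs


def build_ipv4(src, dst, options=b""):
    """Minimal IPv4 header with options padded to 32 bits (checksum left zero)."""
    options += b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0x1234,
                         0x4000, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + options


PLAIN = build_ipv4("10.0.0.5", "192.0.2.10")
LOOSE = build_ipv4("10.0.0.5", "192.0.2.10",
                   source_route_option(LSRR, ["203.0.113.1", "198.51.100.7"]))
STRICT = build_ipv4("10.0.0.5", "192.0.2.10", source_route_option(SSRR, ["203.0.113.1"]))
RECORD_ONLY = build_ipv4("10.0.0.5", "192.0.2.10", bytes([RR, 7, 4]) + b"\x00" * 4)

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("lsrr", LOOSE), ("ssrr", STRICT), ("rr", RECORD_ONLY)]:
        print(f"{name:6s} {filter_packet(pkt)}")
```

Note that a malformed option list (a length byte that runs past the header) is also dropped: a parser that tolerated it could be walked past the source-route option and let the packet through.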
TCP Connection Inactivity Timeout
If a TCP connection to a remote server remains idle for more than five minutes (the default
Inactivity Timeout), the security appliance closes the connection and removes it from its connection
table. Without this timeout, idle connections could remain open indefinitely, consuming connection
state and leaving stale openings through the appliance. You can increase the Inactivity Timeout if
applications that sit idle for long periods, such as Telnet and FTP, are frequently disconnected; keep
it as short as those applications tolerate.
Access Rule Service Options
Force inbound and outbound FTP data connections to use default port 20 - By default, FTP data
connections are accepted from source port 20, and outbound data connections may be remapped (for
example by NAT) to a different source port, such as 1024. If the check box is selected, any FTP data
connection through the security appliance must originate from port 20; otherwise the connection is
dropped and the drop is recorded in the appliance log.
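The two settings above, the TCP inactivity timeout and the FTP port-20 requirement, can be modelled together in one simplified connection table. The following is an added example and is not SonicOS code: it expires idle TCP flows after the timeout, learns expected active-mode FTP data connections from PORT commands seen on the control channel (as a firewall's FTP helper does), and drops a data connection whose source port is not 20 when enforcement is on. The addresses, timestamps and PORT payloads are constructed, and the class and method names are this example's own.

```python
"""Simplified stateful connection table modelling two access-rule settings.

Added example, not SonicWall code. It (1) closes TCP flows idle longer than
the inactivity timeout (the guide's default is five minutes) and (2) when
force_ftp_port20 is set, drops active-mode FTP data connections whose source
port is not 20. Expected data connections are learned from PORT commands on
the FTP control channel, as a firewall's FTP helper does. All addresses,
timestamps and payloads are constructed.
"""
import re
from dataclasses import dataclass

TCP_INACTIVITY_TIMEOUT = 300   # seconds
FTP_DATA_PORT = 20
PORT_CMD = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?", re.IGNORECASE)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def __str__(self):
        return f"{self.src_ip}:{self.src_port}->{self.dst_ip}:{self.dst_port}"


class ConnectionTable:
    def __init__(self, timeout=TCP_INACTIVITY_TIMEOUT, force_ftp_port20=False):
        self.timeout = timeout
        self.force_ftp_port20 = force_ftp_port20
        self.flows = {}                 # Flow -> time a packet was last seen
        self.expected_ftp_data = set()  # (client_ip, client_port) announced via PORT
        self.log = []

    def expire(self, now):
        """Close flows idle longer than the timeout; return how many were closed."""
        idle = [f for f, last in self.flows.items() if now - last > self.timeout]
        for f in idle:
            del self.flows[f]
            self.log.append(f"t={now} closed idle connection {f}")
        return len(idle)

    def ftp_control(self, flow, payload, now):
        """Watch client->server FTP control traffic for PORT h1,h2,h3,h4,p1,p2.

        The announced address must match the control connection's own client
        address; otherwise a client could make the server (and the firewall)
        open a data connection to a third host (the classic FTP bounce).
        """
        self.flows[flow] = now
        m = PORT_CMD.match(payload)
        if not m:
            return None
        fields = [int(x) for x in m.groups()]
        client_ip = ".".join(str(x) for x in fields[:4])
        client_port = fields[4] * 256 + fields[5]
        if client_ip != flow.src_ip:
            self.log.append(f"t={now} ignored PORT for foreign address {client_ip} on {flow}")
            return None
        self.expected_ftp_data.add((client_ip, client_port))
        return (client_ip, client_port)

    def packet(self, flow, now):
        """Process one TCP segment; return 'forward' or 'drop'."""
        self.expire(now)
        is_ftp_data = (flow.dst_ip, flow.dst_port) in self.expected_ftp_data
        if is_ftp_data and self.force_ftp_port20 and flow.src_port != FTP_DATA_PORT:
            self.log.append(f"t={now} dropped FTP data connection {flow}: "
                            f"source port is not {FTP_DATA_PORT}")
            return "drop"
        self.flows[flow] = now
        return "forward"


if __name__ == "__main__":
    fw = ConnectionTable(force_ftp_port20=True)
    control = Flow("10.1.1.5", 40000, "198.51.100.20", 21)
    fw.ftp_control(control, b"PORT 10,1,1,5,156,65\r\n", now=100)
    print(fw.packet(Flow("198.51.100.20", 20, "10.1.1.5", 40001), now=101))    # forward
    print(fw.packet(Flow("198.51.100.20", 1024, "10.1.1.5", 40001), now=102))  # drop
    fw.expire(now=500)   # every flow idle for more than 300 s is closed and logged
    print("\n".join(fw.log))
```

The PORT address check is not one of the settings on this page, but any helper that opens pinholes from FTP control traffic needs it; without it the port-20 rule only constrains which port the pinhole is opened from, not where it leads.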