Configuring Router Parameters (NSM Procedure)
Router parameters control how the security module handles Address Resolution Protocol (ARP) requests/replies and media access control (MAC) address issues. These settings apply to proxy-ARP and bridge mode deployments.
To configure router parameters:
- In NSM Device Manager, double-click the IDP device for which you want to configure router parameters. The device configuration editor appears.
- Click Sensor Settings.
- Click the Router Parameters tab.
- Configure the router parameters using Table 1.
- Click Apply.
- Click OK.
Table 1: IDP Device Configuration: Router Parameter Settings

| Setting | Description |
|---|---|
| ARP timeout (seconds) | When the virtual router is in proxy-ARP mode, this setting controls how long an ARP entry is maintained in the virtual router. If IDP does not receive an ARP reply before the timeout expires, the ARP entry times out. The default is 3600 seconds. |
| ARP proxy timeout (seconds) | In proxy-ARP mode, IDP sends out proxy ARPs on all interfaces except the one on which an ARP request was received. This setting indicates how long the original ARP entry is maintained in the virtual router if IDP does not receive an ARP reply through that interface. The default is 20 seconds. |
| Log ARP attacks | When selected, IDP detects and logs all spoofed ARP requests/replies and other ARP anomalies. This setting is enabled by default. |
| MAC timeout (seconds) | When the virtual router is in bridge mode, this setting controls how long a MAC entry is maintained in the virtual router. The default is 3600 seconds. |
| MAC proxy timeout (seconds) | In bridge mode, IDP performs MAC discovery if the target MAC address is not in its MAC table. This setting controls how long the entry is maintained in the virtual router until a reply comes back. The default is 20 seconds. |
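
As an added illustration (not Juniper's code or the IDP implementation), the following Python model shows how the ARP timeout, ARP proxy timeout, and Log ARP attacks settings from Table 1 interact, using the documented defaults. The class and function names, the sample events, and the rule that a changed IP-to-MAC binding on a live entry counts as an anomaly are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ARP_TIMEOUT = 3600       # "ARP timeout (seconds)" default from Table 1
ARP_PROXY_TIMEOUT = 20   # "ARP proxy timeout (seconds)" default from Table 1

@dataclass
class Entry:
    mac: Optional[str]   # None while a proxy ARP is still unanswered
    expires: float

class ArpTable:
    """Simplified model (assumption), not the IDP implementation."""
    def __init__(self, log_arp_attacks=True):
        self.entries, self.alerts = {}, []
        self.log_arp_attacks = log_arp_attacks

    def _live(self, ip, now):
        e = self.entries.get(ip)
        if e is not None and now >= e.expires:
            del self.entries[ip]          # entry timed out
            return None
        return e

    def request(self, ip, now):
        # Request seen: hold a pending entry while proxy ARPs are outstanding.
        if self._live(ip, now) is None:
            self.entries[ip] = Entry(None, now + ARP_PROXY_TIMEOUT)

    def reply(self, ip, mac, now):
        # Reply seen: a changed binding for a live entry is logged as an anomaly.
        e = self._live(ip, now)
        if self.log_arp_attacks and e and e.mac and e.mac != mac:
            self.alerts.append((now, ip, e.mac, mac))
        self.entries[ip] = Entry(mac, now + ARP_TIMEOUT)

    def lookup(self, ip, now):
        e = self._live(ip, now)
        return e.mac if e else None

# Constructed sample events: (time in seconds, kind, IP, MAC)
SAMPLE = [(0, "request", "192.0.2.10", None),
          (2, "reply", "192.0.2.10", "00:00:5e:00:53:01"),
          (60, "reply", "192.0.2.10", "00:00:5e:00:53:99")]

def replay(events, table=None):
    table = table or ArpTable()
    for now, kind, ip, mac in events:
        table.request(ip, now) if kind == "request" else table.reply(ip, mac, now)
    return table
```

In this model, a long ARP timeout keeps a binding in the table for up to an hour after the last reply, so the anomaly log is the main signal that a binding changed in the meantime.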