
    Configuring a Flow (NSM Procedure)

    The flow feature allows you to configure bridge, TCP MSS, TCP session, and traceoptions.

    To configure the flow feature:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the flow options.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow.
    4. Configure the options as specified in Table 1.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the flow parameters.

    Table 1: Flow Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the flow feature. | (Optional) Enter a comment. |
    | Allow Dns Reply | Allows unmatched incoming DNS reply packets. | Select the Allow Dns Reply check box to enable this feature. |
    | Route Change Timeout | Specifies the timeout value for a route change to a nonexistent route. | Set the timeout value for the route change. Range: 6 - 1800. |
    | Syn Flood Protection Mode | Specifies the TCP SYN flood protection mode. | Select the SYN flood protection mode from the list. |

    You can configure the following options:

    Configuring a Bridge (NSM Procedure)

    To configure a bridge option:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure a bridge option.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Bridge.
    4. Configure the options as specified in Table 2.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the bridge settings.

    Table 2: Bridge Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the bridge option. | (Optional) Enter a comment. |
    | Block Non IP All | Blocks all non-IP and non-ARP traffic, including broadcast and multicast traffic. | Select the Block Non IP All check box to enable this feature. |
    | Bypass Non IP Unicast | Allows all non-IP traffic that includes unicast traffic. | Select the Bypass Non IP Unicast check box to enable this feature. |
    | Bridge > No Packet Flooding | | |
    | Enable Feature | Enables the No Packet Flooding feature. | Select Enable Feature to enable this feature. |
    | Comment | Supplies a descriptive comment for the packet flooding option. | (Optional) Enter a comment. |
    | No Trace Route | Specifies that ICMP must not be sent to trigger MAC learning. | Select the No Trace Route check box to enable this feature. |

    Configuring the TCP MSS Option (NSM Procedure)

    To configure the TCP MSS option:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the TCP MSS option.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Tcp Mss.
    4. Configure the options as specified in Table 3.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the TCP MSS settings.

    Table 3: TCP MSS Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for TCP MSS. | (Optional) Enter a comment. |
    | Tcp Mss > All Tcp | | |
    | Comment | Supplies a descriptive comment for the all TCP options. | (Optional) Enter a comment. |
    | Mss | Specifies the maximum segment size for all TCP options. | Set the MSS value. Range: 64 - 65535. |
    | Tcp Mss > Gre In | | |
    | Enable Feature | Enables the received Generic Routing Encapsulation (GRE) feature. | Select the Enable Feature check box to enable this feature. |
    | Comment | Supplies a descriptive comment for the received GRE. | (Optional) Enter a comment. |
    | Mss | Specifies the maximum segment size for the received GREs. | Set the MSS value. Range: 64 - 65535. |
    | Tcp Mss > Gre Out | | |
    | Enable Feature | Enables the sent Generic Routing Encapsulation (GRE) feature. | Select the Enable Feature check box to enable this feature. |
    | Comment | Supplies a descriptive comment for the sent GREs. | (Optional) Enter a comment. |
    | Mss | Specifies the maximum segment size for the sent GREs. | Set the MSS value. Range: 64 - 65535. |
    | Tcp Mss > IPsec Vpn | | |
    | Enable Feature | Enables the IPsec VPN feature. | Select the Enable Feature check box to enable this feature. |
    | Comment | Supplies a descriptive comment for the IPsec VPN. | (Optional) Enter a comment. |
    | Mss | Specifies the maximum segment size for IPsec VPNs. | Set the MSS value. Range: 64 - 65535. |

    Configuring the TCP Session Option (NSM Procedure)

    To configure the TCP session option:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the TCP session option.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Tcp Session.
    4. Configure the options as specified in Table 4.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the TCP session settings.

    Table 4: TCP Session Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the TCP session. | (Optional) Enter a comment. |
    | Rst Invalidate Session | Specifies that the session ends immediately on receipt of the reset segment. | Select the Rst Invalidate Session check box to enable this feature. |
    | Rst Sequence Check | Enables checking of the sequence number in the reset segment. | Select the Rst Sequence Check check box to enable this feature. |
    | No Syn Check | Disables the creation-time SYN flag check. | Select the No Syn Check check box to enable this feature. |
    | Strict Syn Check | Enables the strict SYN check. | Select the Strict Syn Check check box to enable this feature. |
    | No Syn Check In Tunnel | Disables the creation-time SYN flag check for tunnel packets. | Select the No Syn Check In Tunnel check box to enable this feature. |
    | No Sequence Check | Disables sequence-number checking. | Select the No Sequence Check check box to enable this feature. |
    | Tcp Initial Timeout | Specifies the timeout period for the TCP session when initialization fails. | Set the timeout period when the initialization fails. Range: 20 through 300. |

    Configuring Traceoptions (NSM Procedure)

    The traceoptions feature allows you to configure file and flag options.

    To configure the traceoptions:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the traceoptions.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions.
    4. Configure the options as specified in Table 5.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the traceoptions settings.

    Table 5: Traceoptions Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the traceoptions. | (Optional) Enter a comment. |
    | No Remote Trace | Disables remote tracing. | Select the No Remote Trace check box to enable this feature. |
    | Rate Limit | Specifies the limit for the incoming rate of trace messages. | Set the incoming rate for trace messages. Range: 0 - 4,294,967,295. |

    You can now configure the following options:

    Configuring File Options (NSM Procedure)

    To configure file options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the file options.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions > File.
    4. Configure the file options as specified in Table 6.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the file settings.

    Table 6: File Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the filename. | (Optional) Enter a comment. |
    | Filename | Specifies the name of the file to which the trace output is written. | Enter a filename. |
    | Size | Specifies the maximum size of the trace file. | Enter the maximum file size. |
    | Files | Specifies the maximum number of trace files. | Set the maximum number of trace files. Range: 2 - 1000. |
    | None | Specifies that neither the world-readable nor the no-world-readable option is enabled. | Select the option. |
    | world-readable | Allows any user to read the log file. | (Optional) Select the option. |
    | no-world-readable | Prevents any user from reading the log file. | (Optional) Select the option. |
    | Match | Specifies the regular expression for the lines to be logged. | Enter the match expression. |
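
An added example, not part of the original guide or of NSM: a Python check that reads Junos-style `set security flow` lines and reports values outside the ranges given in Tables 1, 3, 4 and 6, together with options the tables describe as disabling a check or widening access. The statement names mapped to the NSM labels and the sample lines are assumptions constructed for illustration.

```python
import re

# Ranges copied from Tables 1, 3, 4 and 6. The Junos-style statement names
# are an assumed mapping; the page itself gives only the NSM labels.
MSS_SCOPES = ("all-tcp", "gre-in", "gre-out", "ipsec-vpn")
RANGES = {
    "route-change-timeout": (6, 1800),
    "tcp-session tcp-initial-timeout": (20, 300),
    "traceoptions file files": (2, 1000),
    **{f"tcp-mss {scope} mss": (64, 65535) for scope in MSS_SCOPES},
}
# Options the tables describe as disabling a check or widening access.
REVIEW = {
    "allow-dns-reply": "allows unmatched incoming DNS reply packets",
    "bridge bypass-non-ip-unicast": "allows non-IP traffic, unicast included",
    "tcp-session no-syn-check": "disables the creation-time SYN flag check",
    "tcp-session no-syn-check-in-tunnel": "disables the SYN check in tunnels",
    "tcp-session no-sequence-check": "disables sequence-number checking",
    "traceoptions file world-readable": "any user can read the log file",
}
PREFIX = "set security flow "

def audit(config_text):
    """Return (severity, statement, reason) findings in input order."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue  # statement outside the flow hierarchy
        stmt = line[len(PREFIX):]
        if stmt in REVIEW:
            findings.append(("review", stmt, REVIEW[stmt]))
            continue
        m = re.fullmatch(r"(.+) (\S+)", stmt)  # split "<option path> <value>"
        if m and m.group(1) in RANGES:
            lo, hi = RANGES[m.group(1)]
            if not m.group(2).isdigit() or not lo <= int(m.group(2)) <= hi:
                findings.append(("error", stmt, f"outside range {lo}-{hi}"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set security flow route-change-timeout 5
set security flow tcp-mss ipsec-vpn mss 1350
set security flow tcp-session no-syn-check
set security flow traceoptions file world-readable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```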

    Configuring Flag Options (NSM Procedure)

    To configure flag options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the flag options.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions > Flag.
    4. Add or modify settings as specified in Table 7.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the flag settings.

    Table 7: Flag Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Name | Specifies the trace flag name. | Select a name from the list. |
    | Comment | Supplies a descriptive comment for the trace flag. | (Optional) Enter a comment. |

    Configuring Packet Filter Options (NSM Procedure)

    To configure packet filter options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the packet filter options.
    3. Click the Configuration tab. In the configuration tree, select Security > Flow > Traceoptions > Packet Filter.
    4. Add or modify settings as specified in Table 8.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the packet filter settings.

    Table 8: Packet Filter Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Name | Specifies the trace packet filter name. | Enter a name. |
    | Comment | Supplies a descriptive comment for the packet filter. | (Optional) Enter a comment. |
    | Protocol | Specifies the IP protocol type to match. | Select the protocol type from the list. |
    | Source Prefix | Specifies the source IPv4 address prefix. | Enter the source IPv4 address prefix. |
    | Destination Prefix | Specifies the destination IPv4 address prefix. | Enter the destination IPv4 address prefix. |
    | Source Port | Specifies the TCP/UDP source port to match. | Select the source port from the list. |
    | Destination Port | Specifies the TCP/UDP destination port to match. | Select the destination port from the list. |
    | Interface | Specifies the logical interface. | Select the interface from the list. |

    Published: 2013-01-06