Solved

Firewall Changes - Knock on effects?

Posted on 2011-09-08
1
572 Views
Last Modified: 2012-05-12
Hi All

We have a sonicwall NSA 3500 filewall appliance and we are thinking about enabling the following features.

Enable TCP handshake enforcement
Enable TCP checksum enforcement

Can anybody explain what effect this will have?

(I have a brief idea but i am playing dumb to make sure i havent overlooked anything).

Thanks for any comments.
0
Comment
Question by:ict-torquilclark
1 Comment
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 500 total points
ID: 36501690
Hi,

The TCP Handshake enforcement requires a successful three way handshake for all TCP connections. It prevents DDOS attacks by dropping connections which are incomplete and only allow a connection after three way handshake. The  Enable TCP checksum enforcement  drops a packet If an invalid TCP checksum is calculated. You can also check the below link;

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3768&p=t
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWALL SIP Transformation Problem 4 84
Ms azure 2 29
SSH over http/https 8 123
How to set DHCPv6 options on a Sonicwall? 13 140
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question