When this option is enabled, a check is performed as to whether a connection is being established correctly. Erroneous packets are dropped whilst the connection is being established. If this option is disabled, all packets for which this rule applies are accepted.
Furthermore, this option is enabled for the automatic protocol recognition for FTP, IRC, PPTP necessary to be able to open a port in the firewall for each data connection.
The test for portscans/SYN flooding is also enabled/disabled with this option. This can exclude particular, heavily-frequented servers from the test, meaning that limits for half-open connections (DOS) or port requests (IDS) do not have to be set so high that they effectively become useless.
- SNMP ID:
- 2.8.10.2.12
- Console path:
- Setup > IP-Router > Firewall > Rules
- Possible values:
- No
- Yes
- Default:
- Yes