Owner manual
System Configuration 3-3
Stateful Inspection
Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled.
Stateful inspection can be enabled on a Connection Profile whether NAT is enabled or not. You can configure
UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the
interface. Stateful Inspection parameters are active on a WAN inter face only if enabled on your Gateway.
• UDP no-activity time-out: The time in seconds after which a UDP session will be terminated, if there is no
traffic on the session.
• TCP no-activity time-out: The time in seconds after which an TCP session will be terminated, if there is no
traffic on the session.
• DoS Detect: Beginning with Firmware Version 8.7, if you toggle this option to Yes , the device will monitor
packets for Denial of Service (DoS) attack. Offending packets may be discarded if it is determined to be a
DoS attack.
• Add Exposed Address List: Accesses the Add Exposed Address List screen. See “Add Exposed Address
List” on page 3-4.
• Exposed Address Associations: Accesses the Exposed Address Associations screen. See “Exposed
Address Associations” on page 3-8. The hosts specified in Exposed addresses will be allowed to receive
inbound traffic even if there is no corresponding outbound traffic. This is active only if NAT is disabled on a
WAN interface. An Exposed Address List can be associated with a Connection Profile only if NAT is disabled
and Stateful Inspection is enabled on the profile.
Stateful Inspection
UDP no-activity timeout (sec): 180
TCP no-activity timeout (sec): 14400
DoS Detect: No
Add Exposed Address List...
Exposed Address Associations...
Return/Enter goes to new screen.
Return/Enter to configure Xposed IP addresses.