| Function | Option |
|---|---|
| IP fragment | Max fragment number: Specifies a max fragment number for every IP packet. The value range is 1 to 1024. The default value is 48. Any IP packet that contains more fragments than this number will be dropped. |
| Timeout: Specifies a timeout period for fragment reassembling. The value range is 1 to 30. The default value is 2. If system has not received all the fragments after timeout, the packet will be dropped. | |
| Longlife session: Enables or disables longlife session. If this function is enabled, specify longlife session's percentage in the Percentage box below. The default value is 10, i.e., 10% of longlife session in the total sessions. | |
| TCP | TCP MSS: Specifies a MSS value for all the TCP SYN/ACK packets. Select the Enable check box, and type the value into the Max MSS box below. The value range is 64 to 65535. The default value is 1448. |
| TCP MSS VPN: Specifies a MSS value for IPSec VPN's TCP SYN packets. Select the Enable check box, and type the value into the Max MSS box below. The value range is 64 to 65535. The default value is 1380. | |
| TCP sequence number check: Configures if the TCP sequence number will be checked. When this function is enabled, if the TCP sequence number exceeds TCP window, that TCP packet will be dropped. | |
| TCP three-way handshaking: Configures if the timeout of TCP three-way handshaking will be checked. Select the Enable check box to enable this function, and specify a timeout value in the Timeout box below. The value range is 1 to 1800 seconds. The defalut value is 20. If the three-way handshaking has not been completed after timeout, the connection will be dropped. | |
| TCP SYN packet check: Select the Enable check box to enable this function, and only when a packet is a TCP SYN packet can a connection be established. | |
| Others | Non-IP and non-ARP packet: Specifies how to process packets that are neither IP nor ARP. |