Kaspersky SD-WAN

Basic firewall settings

April 17, 2024

ID 270188

You can configure basic firewall settings in a firewall template or on a CPE device. When you configure basic firewall settings in a firewall template, these settings are automatically propagated to all CPE devices that are using the template.

The firewall applies the actions specified in its basic settings only to traffic packets to which no firewall rules have been applied and which have not been forwarded to any of the firewall zones.

To specify the basic firewall settings:

  1. Specify basic firewall settings in one of the following ways:
    • If you want to edit basic firewall settings in a firewall template, go to the SD-WAN → Firewall templates menu section and click the template.
    • If you want to edit basic firewall settings on a CPE device, go to the SD-WAN → CPE menu section, click the device, and in the displayed settings area, select the Firewall settings → Global settings tab and select the Override check box.

    Basic firewall settings are displayed.

  2. If you want to disable SYN flood protection, clear the Syn-flood protection check box. This check box is selected by default. When SYN flood protection is enabled, a maximum of 25 traffic packets per second with the SYN, ACK, RST, and FIN flags can be sent to a CPE device.
  3. If you want the firewall to drop traffic packets marked as invalid by the conntrack function, select the Drop invalid packets check box. This check box is cleared by default.
  4. If you want to disable the DPI (Deep Packet Inspection) technology, clear the Enable DPI check box. This check box is selected by default. The DPI technology lets you create firewall rules that apply only to traffic packets of the specified application.

    When the DPI technology is disabled, you cannot configure DPI marking, and firewall rules that use this technology are automatically disabled.

  5. In the Default INPUT action drop-down list, select the action that you want the firewall to apply to inbound traffic packets:
    • ACCEPT to accept traffic packets. Default value.
    • DROP to drop traffic packets.
    • REJECT to reject traffic packets with an icmp-reject message.
  6. In the Default OUTPUT action drop-down list, select the action that you want the firewall to apply to outbound traffic packets:
    • ACCEPT to accept traffic packets. Default value.
    • DROP to drop traffic packets.
    • REJECT to reject traffic packets with an icmp-reject message.
  7. In the Default FORWARD action drop-down list, select the action that you want the firewall to apply to traffic packets relayed between network interfaces and subnets:
    • ACCEPT to accept traffic packets. Default value.
    • DROP to drop traffic packets.
    • REJECT to reject traffic packets with an icmp-reject message.
  8. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.
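
The fall-through behaviour described above, and what clearing Enable DPI does to it, as a Python model added here for illustration (not Kaspersky code). Class and field names and the sample packets are hypothetical, the model assumes the invalid-packet drop runs before rules, and zone handling is not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class BasicSettings:
    """Hypothetical field names; the defaults are the ones this page documents."""
    drop_invalid: bool = False
    enable_dpi: bool = True
    default: dict = field(default_factory=lambda: {
        "INPUT": "ACCEPT", "OUTPUT": "ACCEPT", "FORWARD": "ACCEPT"})

@dataclass
class Rule:
    name: str
    action: str
    uses_dpi: bool = False

@dataclass
class Packet:
    label: str
    chain: str                      # INPUT, OUTPUT or FORWARD
    rule: Optional[Rule] = None     # firewall rule that matches the packet, if any
    zone: Optional[str] = None      # zone the packet was forwarded to, if any
    conntrack_invalid: bool = False

def verdict(pkt, s):
    """Return (action, reason) for one packet under basic settings s."""
    # Assumption of this model: the invalid-packet drop is evaluated first.
    if s.drop_invalid and pkt.conntrack_invalid:
        return "DROP", "drop-invalid"
    rule = pkt.rule
    if rule and rule.uses_dpi and not s.enable_dpi:
        rule = None                 # rules that use DPI are disabled with DPI off
    if rule:
        return rule.action, "rule:" + rule.name
    if pkt.zone:
        return "ZONE", "zone:" + pkt.zone   # left to the zone, not modelled here
    return s.default[pkt.chain], "default:" + pkt.chain

def fall_through(packets, s):
    """Packets whose fate is decided by a default chain action, with that action."""
    hits = ((p.label, verdict(p, s)) for p in packets)
    return {label: v[0] for label, v in hits if v[1].startswith("default:")}

# Constructed sample traffic.
SAMPLE = [
    Packet("app traffic", "FORWARD", rule=Rule("block-app", "DROP", uses_dpi=True)),
    Packet("unsolicited inbound", "INPUT"),
    Packet("lan to wan", "FORWARD", zone="lan"),
    Packet("stray ack", "INPUT", conntrack_invalid=True),
]
```

Calling `fall_through(SAMPLE, BasicSettings(enable_dpi=False))` shows that the traffic the DPI rule used to drop now reaches the Default FORWARD action, which is ACCEPT unless it has been changed.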
