About Default Packet Handling Options
When your XTM device receives a packet, it examines the packet's source and destination, looking at the IP addresses and the port numbers. The device also monitors packets for patterns that can indicate your network is at risk. This process is called default packet handling.
Default packet handling can:
- Reject a packet that could be a security risk, including packets that could be part of a spoofing attack or SYN flood attack
- Automatically block all traffic to and from an IP address
- Add an event to the log file
- Send an SNMP trap to the SNMP management server
- Send a notification of possible security risks
Most default packet handling options are enabled in the default XTM device configuration. You can use Fireware XTM Web UI to change the thresholds at which the XTM device takes action. You can also change the options selected for default packet handling.
The default packet handling options related to IPSec, IKE, ICMP, SYN, and UDP flood attacks apply to both IPv4 and IPv6 traffic. All other options apply only to IPv4 traffic.
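The following is an added illustration, not WatchGuard code, of how a threshold-based check can combine three of the actions listed above: reject the packet, automatically block the IP address, and add an event to the log. The per-source counting, the threshold of 5 SYN packets per second, and all class, function, and field names are assumptions; this page does not state how the device counts packets or what its thresholds are.

```python
from collections import defaultdict, deque


class DefaultPacketHandler:
    """Toy model: per-source SYN rate threshold with auto-block and event log."""

    def __init__(self, syn_threshold=5, window=1.0):
        self.syn_threshold = syn_threshold     # assumed: max SYNs per window per source
        self.window = window                   # window length in seconds
        self.recent_syns = defaultdict(deque)  # source IP -> timestamps of recent SYNs
        self.blocked = set()                   # auto-blocked IP addresses
        self.log = []                          # event log entries

    def handle(self, ts, src, dst, dport, flags):
        """Return 'allow' or 'deny' for one packet."""
        # Traffic to and from an auto-blocked address is dropped.
        if src in self.blocked or dst in self.blocked:
            return "deny"
        if flags == "S":  # connection-opening SYN without ACK
            q = self.recent_syns[src]
            q.append(ts)
            # Discard timestamps that have aged out of the window.
            while q and ts - q[0] >= self.window:
                q.popleft()
            if len(q) > self.syn_threshold:
                self.blocked.add(src)
                self.log.append((ts, "syn_flood", src, f"{dst}:{dport}"))
                return "deny"
        return "allow"


def replay(packets, **kwargs):
    """Run constructed packets through the model; return (verdicts, handler)."""
    handler = DefaultPacketHandler(**kwargs)
    return [handler.handle(*p) for p in packets], handler


# Constructed sample traffic using documentation address ranges (RFC 5737).
SAMPLE = (
    [(i * 0.01, "198.51.100.7", "192.0.2.10", 443, "S") for i in range(8)]
    + [(0.50, "203.0.113.5", "192.0.2.10", 443, "S"),    # unrelated client
       (0.60, "198.51.100.7", "192.0.2.10", 80, "A"),    # from the blocked source
       (0.70, "192.0.2.10", "198.51.100.7", 443, "SA")]  # to the blocked source
)

if __name__ == "__main__":
    verdicts, h = replay(SAMPLE)
    print(verdicts, sorted(h.blocked), h.log)
```

In this model a client that opens connections slowly never exceeds the threshold, because old timestamps fall out of the window before the count can build up.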
Configure Default Packet Handling
- Select Firewall > Default Packet Handling.
The Default Packet Handling page appears.
- Select the check boxes for the traffic patterns you want to take action against, as explained in these topics:
For more information, see About SNMP.
About Blocked Sites
About Blocked Ports