Options: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
No edit summary
Line 10: Line 10:
* Send ICMP Redirects
* Send ICMP Redirects
** ICMP Redirects are used to alert machines if a shorter route is available. Default is on.
** ICMP Redirects are used to alert machines if a shorter route is available. Default is on.
* Enable STP (Spanning Tree) on Bridges
** This enables STP (Spanning Tree Protocol) on bridges which is a protocol used to help detect loops and avoid packet storms in this case. Given that a bridge loop is fatal configuration, this option is off by default so the fatal configuration will fail quickly. It is NOT suggested to rely on STP to stop bridge loops.
* DHCP Authoritative
* DHCP Authoritative
** If enabled, all DHCP serving is authoritative. Default is on. DHCP Authoritative is documented [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html here].
** If enabled, all DHCP serving is authoritative. Default is on. DHCP Authoritative is documented [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html here].

Revision as of 01:30, 25 March 2018

Options

Options contains some global networking options.

  • Enable SIP NAT Helper
    • This enables the kernel SIP NAT fixup. Most SIP solutions handle NAT on their own, but sometimes rewriting of address inside SIP by the NAT device is necessary. Enabling this will enable bypassed SIP sessions to be rewritten in the kernel. Default is off.
  • Send ICMP Redirects
    • ICMP Redirects are used to alert machines if a shorter route is available. Default is on.
  • Enable STP (Spanning Tree) on Bridges
    • This enables STP (Spanning Tree Protocol) on bridges which is a protocol used to help detect loops and avoid packet storms in this case. Given that a bridge loop is fatal configuration, this option is off by default so the fatal configuration will fail quickly. It is NOT suggested to rely on STP to stop bridge loops.
  • DHCP Authoritative
    • If enabled, all DHCP serving is authoritative. Default is on. DHCP Authoritative is documented here.
  • Block new sessions during network configuration
    • If enabled, all sessions will be blocked (dropped) when network settings changes are applied. This will provide increased security for router mode deployments and is not recommended for bridged mode deployments. The default setting is disabled.
  • Log bypassed sessions
    • If enabled, bypassed sessions will be logged to the sessions table
  • Log outbound local sessions
    • If enabled, bypassed sessions created by the Untangle server itself will be logged to the sessions table
  • Log inbound local sessions
    • If enabled, bypassed sessions to the Untangle server itself will be logged to the sessions table
  • Log blocked sessions
    • If enabled, all sessions blocked by filter rules or NAT or the shield will be logged to the sessions table.