How to turn off SmartDefence?

hahasasa · #1 (**permalink**) 2006-03-21

Is there any command to turn off SmartDefence and let the firewall perform just as a layer4 filter?
I've disabled anything in SmartDefence,but there still be some log showing packets dropped by SmartDefence,such as DNS packet saying "Illegal query format".
I just want to allow these Illegal query format,but don't know how to do...

Thanks for any one here!

Sergej · #2 (**permalink**) 2006-03-22

There is user friendly SmartDefence GUI disable option in the NGX only (Central Configuration button under the general folder).
For the DNS look for "DNS Protocol Enforcement" options. Uncheck TCP and UDP options.

hahasasa · #3 (**permalink**) 2006-03-22

Here I'm running R54 or R55.

I agree that disabling "enforce UDP" may have some affect,but since the drop reason——"Illegal query format" is the result of Application Layer inspect,so I don't think disabling "enforce UDP" will work.

For example
If I send a packet with dst port UDP 53 and the L7 data isn't DNS format,will the checkpoint drop it?

What can I do to accept these packets?

Sergej · #4 (**permalink**) 2006-03-22

I have seen a lot of DNS enforcement errors with pre-NGX versions on the customers firewalls. Some are just ignore them (internet is still working)

enforce UDP is the right check-box to disable (if you want to stop using DNS enforcement)

hahasasa · #5 (**permalink**) 2006-03-23

I've done it,and will look if it works.
Thanks!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode