Configure advanced properties for Master NGFW Engine interfaces

Advanced settings allow you to configure SYN Rate Limits and Log Compression for interfaces that are used for the Master NGFW Engine’s own traffic.

Advanced settings are not available for interfaces that are associated with a Virtual Resource.

SYN Rate Limits are applied to TCP connections. Each TCP connection starts with a SYN packet. If the SYN Rate Limits defined for the Master NGFW Engine are reached, the Master NGFW Engine drops new TCP connections.

By default, each generated Antispoofing and Discard log entry is logged separately and displayed as a separate entry in the Logs view. Log Compression settings allow you to define the maximum number of separately logged entries. When the defined limit is reached, a single antispoofing log entry or Discard log entry is logged. The single entry contains information about the total number of the generated Antispoofing log entries or Discard log entries. After this log entry, the logging returns to normal and all generated entries are once more logged and displayed separately. Log Compression is useful when the routing configuration generates a large volume of antispoofing logs or the number of Discard logs becomes high.

Note: The SYN Rate Limits and Log Compression settings in the interface properties override the general SYN Rate Limits and Log Compression settings. These settings are defined in the Engine Editor.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Master NGFW Engine and select Edit Master NGFW Engine.
    The Engine Editor opens.
  2. In the navigation pane on the left, select Interfaces.
    The Interfaces pane opens on the right.
  3. Right-click a Physical Interface or a VLAN Interface and select Edit Physical Interface or Edit VLAN Interface.
    The properties dialog box for the interface opens.
  4. Switch to the Advanced tab.
  5. Select Override Engine’s Default Settings.
    The options for SYN Rate Limits and Log Compression are enabled.
  6. (Optional) Define the SYN Rate Limits.
    CAUTION:
    The recommended values for the SYN Rate Limits depend on your network environment. If the Custom settings are not carefully configured, the capacity of the Master NGFW Engine might suffer or SYN Rate Limits might not work correctly.
  7. (Optional) Enable Log Compression and enter values for the Antispoofing (Master NGFW Engines that host Virtual Firewalls only) entries and for Discard entries.
    Note: Do not enable Log Compression if you want all Antispoofing and Discard entries to be logged as separate log entries.
  8. Click OK.
  9. Continue the configuration in one of the following ways:
    • If you are configuring a new Master NGFW Engine, or if you want to change the roles the interfaces have in the configuration, select system communication roles for Master NGFW Engine interfaces.
    • Otherwise, click Save and Refresh to transfer the configuration changes.