
Yusuf Bhaiji

"Network Security Technologies and Solutions"

The software continues to intercept and forward packets (inline) throughout the duration of
the connection.
Figure 7-8. TCP Intercept
In the event of illegitimate requests, the aggressive timeouts on half-open connections and thresholds on TCP
connection requests protect destination servers while continuing to forward legitimate requests.
TCP Intercept operates in two modes: the passive watch mode and the default active intercept mode. In watch
mode, all connection requests are allowed to pass through the router while the software passively watches the
connection being established. If a connection fails to establish within a configurable interval, the software
intervenes and terminates the connection attempt. In intercept mode, by contrast, the software actively
intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK, then
waits for an ACK from the client. When the ACK is received from the client, the original SYN is sent to the server
and the software performs the three-way handshake with the server. When this is complete, the two half-connections
are joined.
Configuring TCP Intercept
To configure the TCP Intercept feature, you need to first define an access list that instructs the intercept engine
to intercept and validate either all requests or only specific networks or specific destination servers.
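The two modes described above, as an added toy model (constructed for this page, not Cisco code): intercept mode answers the client on the server's behalf and contacts the server only after the client's ACK, watch mode passes the SYN through and resets attempts that stay half-open past the timeout, and a half-open threshold triggers an aggressive mode that evicts the oldest incomplete attempt. Host names, the timeout and the threshold values are assumed.

```python
"""Toy model of the TCP Intercept behaviour described above (constructed example).
Intercept mode answers the client's SYN on the server's behalf and opens the
server-side handshake only once the client's ACK arrives; watch mode lets the SYN
through and resets attempts that stay half-open past the configurable timeout."""

class TcpIntercept:
    def __init__(self, mode="intercept", watch_timeout=30, max_incomplete=1100):
        self.mode = mode                      # "intercept" (default) or "watch"
        self.watch_timeout = watch_timeout    # seconds an attempt may stay half-open
        self.max_incomplete = max_incomplete  # half-open count that triggers aggressive mode
        self.half_open = {}                   # (client, server) -> time the SYN was seen
        self.established = set()              # joined half-connections
        self.to_server = []                   # segments the intercept engine sends the server
        self.to_client = []                   # segments it sends the client

    def aggressive(self):
        return len(self.half_open) >= self.max_incomplete

    def on_client_syn(self, client, server, now):
        if self.aggressive():
            # aggressive mode: evict the oldest half-open attempt to admit the new one
            del self.half_open[min(self.half_open, key=self.half_open.get)]
        self.half_open[(client, server)] = now
        if self.mode == "intercept":
            # reply SYN-ACK on the server's behalf; the server has not seen anything yet
            self.to_client.append(("SYN-ACK", server, client))
        else:
            # watch mode: let the SYN through and only remember when it was seen
            self.to_server.append(("SYN", client, server))

    def on_client_ack(self, client, server):
        key = (client, server)
        if key not in self.half_open:
            return False                      # unknown or already evicted attempt
        if self.mode == "intercept":
            # the client completed its handshake: now run the real one with the server
            self.to_server.append(("SYN", client, server))
        self.to_server.append(("ACK", client, server))
        del self.half_open[key]
        self.established.add(key)             # the two half-connections are joined
        return True

    def expire(self, now):
        """Time out stale half-open attempts; in watch mode the server was already
        contacted, so it receives an RST, in intercept mode the entry is just dropped."""
        stale = [k for k, t in self.half_open.items() if now - t > self.watch_timeout]
        for client, server in stale:
            del self.half_open[(client, server)]
            if self.mode == "watch":
                self.to_server.append(("RST", client, server))
        return len(stale)
```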

