You change device parameters at the settings device level. To change a device parameter, use the following command (the <setting-name> is the parameter name):
Admin@nodename# set settings device <setting-name>
Available parameters:
|
Parameter |
Description |
|---|---|
|
l7 |
Enable/disable L7 module load:
By default, the module is loaded. Important! If you change this parameter, you need to reboot your UserGate device. |
|
sip |
Enable/disable SIP module load. The module needs to be enabled to map the signaling and data connection when NAT is used:
By default, the module is unloaded. Important! After enabling, for the module to work correctly, you must reload the firewall rules table (the Force changes button in the Network Policies ➜ Firewall section). |
|
h323 |
Enable/disable h323 module load. The module needs to be enabled to map the signaling and data connection when NAT is used:
By default, the module is unloaded. |
|
idps |
Enable/disable IDPS module load:
By default, the module is loaded. Important! If you change this parameter, you need to reboot your UserGate device. |
|
sunrpc |
Enable/disable SunRPC module load:
By default, the module is unloaded. |
|
ftp-alg |
Enable/disable FTP module load. The module needs to be enabled to map the signaling and data connection when NAT is used:
Important! The module must be enabled for passive FTP mode. By default, the module is unloaded. |
|
auth-type |
Use the IPsec Authentication Header signature for VRRP service packets in an HA cluster:
|
|
fw-drop-invalid |
Enable/disable blocking of packets with an invalid parameter set in the header fields:
The default setting is off. Enabling this option significantly reduces the firewall performance, so we recommend to leave this setting disabled. |
|
fw-established |
Enable/disable creation of a single common firewall rule for return packets:
The default setting is off. |
|
bypass-optimization |
Enable/disable SSL inspection optimization:
The default setting is off. |
To view the current settings, use the following command:
Admin@nodename# show settings device