Configuring the <strong>Firewall</strong>Configuring Advanced <strong>Firewall</strong> Settings4To configure session settings:STEP 1STEP 2STEP 3STEP 4STEP 5STEP 6STEP 7STEP 8Choose <strong>Firewall</strong> > Advanced Settings > Session Settings.In the Maximum Unidentified Sessions field, enter the maximum number ofunidentified sessions for the ALG identification process. This value can range from2 through 128. The default is 32 sessions.In the Maximum Half Open Sessions field, enter the maximum number of half-opensessions. A half-open session is the session state between receipt of a SYNpacket and the SYN/ACK packet. Under normal circumstances, a session isallowed to remain in the half-open state for 10 seconds. The maximum valueranges from 0 through 3,000. The default is 128 sessions.In the TCP Session Timeout Duration field, enter the time, in seconds, after whichinactive TCP sessions are removed from the session table. Most TCP sessionsterminate normally when the RST or FIN flags are detected. This value ranges from0 through 4,294,967 seconds. The default is 1,800 seconds (30 minutes).In the UDP Session Timeout Duration field, enter the time, in seconds, after whichinactive UDP sessions are removed from the session table. This value ranges from0 through 4,294,967 seconds. The default is 120 seconds (2 minutes).In the Other Session Timeout Duration (seconds) field, enter the time, in seconds,after which inactive non-TCP/UDP sessions are removed from the session table.This value ranges from 0 through 4,294,967 seconds. The default is 60 seconds.In the TCP Session Cleanup Latency (seconds) field, enter the maximum time for asession to remain in the session table after detecting both FIN flags. This valueranges from 0 through 4,294,967 seconds. The default is 10 seconds.Click Save.Configuring Internet Group Management Protocol (IGMP)Internet Group Management Protocol (IGMP) is an exchange protocol for routers.Hosts that want to receive multicast messages need to inform their neighboringrouters of their status. In some networks, each node in a network becomes amember of a multicast group and receives multicast packets. In these situations,hosts exchange information with their local routers using IGMP. Routers use IGMPperiodically to check if the known group members are active. IGMP provides amethod called dynamic membership by which a host can join or leave a multicastgroup at any time.<strong>Cisco</strong> <strong>RV</strong><strong>120W</strong> Administration Guide 85
Configuring the <strong>Firewall</strong>Configuring Advanced <strong>Firewall</strong> Settings4To configure IGMP:STEP 1STEP 2STEP 3STEP 4Choose <strong>Firewall</strong> > Advanced Settings > IGMP Configuration.Check the Enable box to allow IGMP communication between the router and othernodes in the network.Choose the Upstream Interface (WAN or LAN). Select the interface (LAN or WAN)on which the IGMP proxy acts as a normal multicast client.Click Save.The Allowed Networks table lists all the allowed networks configured for thedevice and allows several operations on the allowed networks:• Network Address—The network address from which the multicast packetsoriginate.• Mask Length— Mask Length for the network address.In this table you can perform the following actions:• Check Box—Select all the allowed networks in the table.• Delete—Deletes the selected allowed network or allowed networks.• Add—Opens the Allowed Network Configuration page to add a newnetwork.• Edit—Opens the Allowed Network Configuration page to edit the selectednetwork.NOTEBy default the device will forward multicast packets which are originating from itsimmediate WAN network.Configuring LAN (Local Network) GroupsYou can create LAN groups, which are groups of endpoints that are identified bytheir IP address. After creating a group, you can then configure actions, such asblocked keywords in a firewall rule, that apply to the group. (See Configuring URLBlocking, page 74.)<strong>Cisco</strong> <strong>RV</strong><strong>120W</strong> Administration Guide 86