Digi Transport firewall

0 votes
Kindly advise on the usage of flags S!A and inspect state.
Must they be used together? I tried using them separately; what is the effect?
etc
dscp 20 proto ftp
dscp 20 proto ftp flags S!A
dscp 20 proto ftp flags S!A inspect state

All work, but I don't really understand the combination. Will it have any effect if used on dscp fw rules?

1) I saw statements that use them. Does inspect state allow a connection out to a dst IP, and also allow the destination IP to make a separate connection in on a different port?

Thanks
asked Feb 6, 2015 in Digi TransPort Cellular by digiuser833 New to the Community (1 point)


1 Answer

0 votes
Hi

The inspect-state command is used in the firewall to allow the return path rules to be created dynamically.

On the basic firewall version you would have to have an inbound and an outbound rule to allow communications.

With the flags, this is only going to start or be valid when it is the first packet in the process, and this will build the return path, as the first packet would only have a SYN flag.
Any other attempts would not satisfy the rule, so S!A is only going to allow the SYN packet of the communication, and then the rest of the packets in the stream will be allowed as they are associated with the stream.

If the firewall receives a packet with SYN ACK and no relevant stream in its tables, it will be dropped.

regards
answered Mar 5, 2015 by James.Wilson Veteran of the Digi Community (1,225 points)
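
The behaviour described in the answer above, as an added example that is not part of the original post and is not Digi's firewall code: a simplified Python model of one outbound rule with flags S!A and inspect state. The class and function names, the addresses and ports (constructed), the default-drop policy and the absence of state timeouts or protocol helpers are assumptions of the model.

```python
# Simplified model of "flags S!A inspect state"; not Digi TransPort firmware code.
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    outbound: bool

class StatefulFirewall:
    def __init__(self, allowed_dport):
        self.allowed_dport = allowed_dport
        self.state = set()  # flows created by the "inspect state" rule

    @staticmethod
    def matches_s_not_a(flags):
        # S!A: SYN set and ACK clear, i.e. the first packet of a TCP handshake
        return bool(flags & SYN) and not (flags & ACK)

    def check(self, p):
        # Key every flow as (inside endpoint, outside endpoint) so that the
        # reply direction finds the entry created by the outbound SYN.
        key = ((p.src, p.sport, p.dst, p.dport) if p.outbound
               else (p.dst, p.dport, p.src, p.sport))
        if key in self.state:
            return "pass (state)"
        if (p.outbound and p.dport == self.allowed_dport
                and self.matches_s_not_a(p.flags)):
            self.state.add(key)  # dynamic return path
            return "pass (rule, state created)"
        return "drop"  # assumed default action when no rule or state matches

def demo():
    fw = StatefulFirewall(allowed_dport=21)
    inside, outside = "192.0.2.10", "198.51.100.5"  # constructed addresses
    packets = [
        Packet(outside, 21, inside, 40000, SYN | ACK, False),  # SYN-ACK, no stream
        Packet(inside, 40000, outside, 21, SYN, True),         # first packet, S!A
        Packet(outside, 21, inside, 40000, SYN | ACK, False),  # reply on known stream
        Packet(inside, 40000, outside, 21, ACK, True),         # rest of the stream
        Packet(inside, 40002, outside, 21, ACK, True),         # ACK with no SYN seen
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print("\n".join(demo()))
```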
...