Detection Prevention

To enable detection prevention:

1. Navigate to Network > Firewall > Advanced.

2. Scroll to Detection Prevention.

   

3. By default, the security appliance responds to incoming connection requests as either blocked or open. To ensure your security appliance does not respond to blocked inbound connection requests, select Enable Stealth Mode. Stealth Mode makes your security appliance essentially invisible to hackers. This option is not selected by default.
4. To prevent hackers using various detection tools from detecting the presence of a security appliance, select Randomize IP ID. IP packets are given random IP IDs, which makes it more difficult for hackers to “fingerprint” the security appliance. This option is not selected by default.

5. Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. To decrease the TTL value for packets that have been forwarded and, therefore, have already been in the network for some time, select Decrement IP TTL for forwarded traffic. This option is not selected by default.

   When you select this option, the following option becomes available.

6. The firewall generates Time-Exceeded packets to report when a packet its dropped because its TTL value has decreased to zero. To prevent the firewall from generate these reporting packets, select Never generate ICMP Time-Exceeded packets. This option is not selected by default.
7. Click Accept.