Packet Sanity

Packet Sanity performs several Layer 3 and Layer 4 sanity checks. These include verifying packet size, UDP and TCP header lengths, dropping IP options, and verifying the TCP flags.

You can configure whether logs should be issued for offending packets.

Packet Sanity Fields

In this field…	Do this…
Action	Specify what action to take when a packet fails a sanity test, by selecting one of the following: Block. Block the packet. This is the default. None. No action.
Track	Specify whether to issue logs for packets that fail the packet sanity tests, by selecting one of the following: Log. Issue logs. This is the default. None. Do not issue logs.
Disable relaxed UDP length verification	The UDP length verification sanity check measures the UDP header length and compares it to the UDP header length specified in the UDP header. If the two values differ, the packet may be corrupted. However, since different applications may measure UDP header length differently, the Safe@Office appliance relaxes the UDP length verification sanity check by default, performing the check but not dropping offending packets. This is called relaxed UDP length verification. Specify whether the Safe@Office appliance should relax the UDP length verification sanity check or not, by selecting one of the following: True. Disable relaxed UDP length verification. The Safe@Office appliance will drop packets that fail the UDP length verification check. False. Do not disable relaxed UDP length verification. The Safe@Office appliance will not drop packets that fail the UDP length verification check. This is the default.

In this field…

Do this…

Action

Specify what action to take when a packet fails a sanity test, by selecting one of the following:

Block. Block the packet. This is the default.
None. No action.

Track

Specify whether to issue logs for packets that fail the packet sanity tests, by selecting one of the following:

Log. Issue logs. This is the default.
None. Do not issue logs.

Disable relaxed UDP length verification

The UDP length verification sanity check measures the UDP header length and compares it to the UDP header length specified in the UDP header. If the two values differ, the packet may be corrupted.

However, since different applications may measure UDP header length differently, the Safe@Office appliance relaxes the UDP length verification sanity check by default, performing the check but not dropping offending packets. This is called relaxed UDP length verification.

Specify whether the Safe@Office appliance should relax the UDP length verification sanity check or not, by selecting one of the following:

True. Disable relaxed UDP length verification. The Safe@Office appliance will drop packets that fail the UDP length verification check.
False. Do not disable relaxed UDP length verification. The Safe@Office appliance will not drop packets that fail the UDP length verification check. This is the default.