UDP Source Port 0

How to treat UDP packets with source port 0.

Default: DropLog

Port 0

How to treat TCP/UDP packets with destination port 0 and TCP packets with source port 0.

Default: DropLog

Watchdog Time

Number of non-responsive seconds before the watchdog is triggered (0=disable).

Default: 180

Flood Reboot Time

As a final way out, cOS Core automatically reboots if its buffers have been flooded for a long time. This setting specifies the amount of time the buffers are flooded before the reboot occurs.

Default: 3600

Dynamic High Buffers

When enabled, cOS Core will automatically determine the number of packet buffers to be preallocated in memory on system startup. These packet buffers will be shared amongst various cOS Core subsystems. The default allocation for buffers is 3% of total available memory, with a lower limit of 1024. Note that in addition to this 3%, there is always an additional 512 Kbytes of overhead allocated.

This setting requires a restart of cOS Core for a new value to take effect. A reconfiguration is not sufficient.

Default: Enabled

High Buffers

If the Dynamic High Buffers setting is not enabled then High Buffers determines the number of packet buffers preallocated in memory above the 1 MByte lower limit. When troubleshooting memory related problems, increasing this setting can sometimes provide a solution. The stats CLI command output will indicate the current packet buffer usage as a percentage of the total allocated.

Note that it is important to keep this setting's value well below the limits of the available free memory. The memory CLI command will show the currently available free memory. This consideration is discussed further in Section 3.4.2.3, Changing RX and TX Ring Sizes.

This setting requires restart of cOS Core, for example using the shutdown command, for a new value to take effect. A reconfiguration is not sufficient.

Default: 1024

Local Undelivered

How to treat (allowed) packets to the firewall that do not match open (listening) ports. A few examples of ports the firewall normally listen on by default (depending on configuration): This event triggers if/when the firewall receives a packet directed to itself but there is nothing configured that listen on that particular port.

Default: DropLog

Max Pipe Users

The maximum number of pipe users to allocate. As pipe users are only tracked for a 20th of a second, this number usually does not need to be anywhere near the number of actual users, or the number of statefully tracked connections. If there are no configured pipes, no pipe users will be allocated, regardless of this setting. For more information about pipes and pipe users, see Section 11.1, Traffic Shaping.

Default: 512

Anti-Virus Signature Limit

This gives the option to limit the amount of signatures that are used from the anti-virus database. Lowering the limit would generate a small performance gain. The signatures chosen when lowering the limit is based on severity, the most important/critical signatures are chosen first. Anti-Virus in general is described in detail in Section 6.4, Anti-Virus Scanning.

Default: 100%

WCF Performance Log

This enables or disables the performance log for web content filtering. This is described in detail Section 6.2.7, Examining WCF Performance.

Default: Disabled

Allow IP Rules

This enables or disables the usage of IP rules in cOS Core. When disabled, new IP Rule objects cannot be configured in IP rule sets and alternative IP rule set types such as IP Policy and Stateless Policy objects must be used instead (it is recommended to use these anyway).

Existing IP Rule objects will not be affected when this setting is disabled.

Default: Enabled

Poll Offloading

Poll offloading is a feature that can increase traffic throughput on multi-core hardware platforms by distributing the interface polling function to one of the processing cores. It is enabled by default where cOS Core can determine that the underlying platform is multi-core and it should then only be disabled for troubleshooting purposes.

Poll offloading has a positive throughput effect with most types of traffic when more than one processing core is available but its benefit is particularly noticeable with UDP traffic (for example, with streamed video). The feature is described further in Section 2.6.3, The stats Command.

Default: Enabled

Pseudo Reassembly Settings

Max Connections

Packet reassembly collects IP fragments into complete IP datagrams and, for TCP, reorders segments so that they are processed in the correct order and also to keep track of potential segment overlaps and to inform other subsystems of such overlaps. The associated settings limit memory used by the reassembly subsystem.

This setting specifies how many connections can use the reassembly system at the same time. It is expressed as a percentage of the total number of allowed connections. The minimum value is 1. The maximum value is 100.

Default: 80

Max Memory

This setting specifies how much memory that the reassembly system can allocate to process packets. It is expressed as a percentage of the total memory available. Minimum 1, Maximum 100.

Default: 3

Screen Saver Settings

Timeout

The time in seconds before cOS Core automatically enables its console screen saver. This is a legacy setting from older versions of cOS Core and is not relevant to newer versions. It exists for compatibility reasons only.

Default: 300 seconds (5 minutes)

Screen Saver Selection

The type of screen saver used. Like the Timeout setting, this is a legacy setting and exists for compatibility reasons only.

Default: Blank

Status Bar Selection

The status bar control. This is also a legacy setting that exists for compatibility reasons only.

Default: Auto