Properties

ARPMatchEnetSender

The Ethernet Sender address matching the hardware address in the ARP data. (Default: DropLog)

ARPQueryNoSenderIP

If the IP source address of an ARP query (NOT response!) is "0.0.0.0". (Default: DropLog)

ARPSenderIP

The IP Source address in ARP packets. (Default: Validate)

UnsolicitedARPReplies

Unsolicited ARP replies. (Default: DropLog)

ARPRequests

Specifies whether or not the ARP requests should automatically be added to or update the ARP table. (Default: Drop)

ARPChanges

ARP packets that would cause an entry to be changed. (Default: AcceptLog)

StaticARPChanges

ARP packets that would cause static entries to be changed. (Default: DropLog)

ARPExpire

Lifetime of an ARP entry in seconds. (Default: 900)

ARPExpireUnknown

Lifetime of an "unknown" ARP entry in seconds. (Default: 3)

ARPMulticast

ARP packets claiming to be multicast addresses; may need to be enabled for some load balancers/redundancy solutions. (Default: DropLog)

ARPBroadcast

ARP packets claiming to be broadcast addresses; should never need to be enabled. (Default: DropLog)

ARPCacheSize

Number of ARP entries in cache, total. (Default: 16384)

ARPHashSize

Number of ARP hash buckets per physical interface. (Default: 16384)

ARPHashSizeVLAN

Number of ARP hash buckets per VLAN interface. (Default: 2048)

ARPIPCollision

Behavior when receiving an ARP request with a sender IP colliding with the one used on the receive interface. (Default: Drop)

ARPLogResolveSuccess

Specifies whether or not to log when ARP Resolve succeeds. (Default: No)

LogResolveFailure

Specifies whether or not to log failed ARP Resolves. (Default: Yes)

NDRateLimit

Rate limit originated ND packets. (Default: 1000)

MaxAnycastDelayTime

Randomized time to delay proxied and anycast advertisements. (Default: 100)

NDMatchEnetSender

Ignore ND packets with mismatching sender- and options MAC-addresses. (Default: Yes)

NDValSenderIP

Validate the IP source address of the ND packet. (Default: Yes)

NDLogResolveSuccess

Specifies whether or not to log when ND Resolve succeeds. (Default: No)

NDChanges

Action to take when ND packets are received that would modify an existing entry. (Default: FavorOld)

StaticNDChanges

Action to take when ND packets are received that would modify a static entry. (Default: DropLog)

NDValidation

Action to take when the stateless validation of a ND packet fail. (Default: DropLog)

NDCacheSize

Number of cached IP/L2 address tuples. (Per iface). (Default: 1024)

NDMaxMulticastSolicit

Number of Neighbor Solicitations before giving up address resolution. (Default: 3)

NDMaxUnicastSolicit

Number of Neighbor Solicitations before giving up a zombie during dead peer detection. (Default: 3)

NDBaseReachableTime

Multiple of randomized time factor in seconds, resulting in the time before a ND entry becomes a zombie. (Default: 30)

NDDelayFirstProbeTime

Time in seconds for a cache entry to go from DELAY to PROBE state unless resolved. (Default: 5)

NDRetransTimer

Number of seconds between each Neighbor Solicitation during address resolution and dead peer detection. (Default: 1)

RAMaxInterval

Maximum time between sending unsolicited multicast Router Advertisement. (Default: 600s). (Default: 600)

RAMinInterval

Minimum time between sending unsolicited multicast Router Advertisement. Will be automatically adjusted if set to less than 3 seconds or greater than .75 * Max RA Interval). (Default: 200)

RAAutoLifetime

Auto adjust the Router Lifetime field using the following formula; 3 * Max RA Interval. (Default: Yes)

RADefaultLifetime

The value to be placed in the Router Lifetime field of Router Advertisements sent from the firewall, in seconds. (Default: 1800s). (Default: 1800)

RAReachableTime

The value to be placed in the Reachable Time field in the Router Advertisement messages firewall. The value zero means unspecified. (Default: 0s). (Default: 0)

RARetransTimer

The value to be placed in the Retrans Timer field in the Router Advertisement messages sent by the firewall. The value zero means unspecified. (Default: 0s). (Default: 0)

RAManagedFlag

Indicates that addresses are available via DHCPv6. (Default: False). (Default: No)

RAOtherConfigFlag

Indicates that other configuration information is available via DHCPv6. (Default: False). (Default: No)

RACurHopLimit

The default value to be placed in the Cur Hop Limit field in the Router Advertisement messages sent by the firewall. The value zero means unspecified. (Default: 64). (Default: 64)

RALinkMTU

The value to be placed in MTU options sent. A value of zero indicates that no MTU options are sent. (Default: 0). (Default: 0)

RAValidLifetime

The value to be placed in the Valid Lifetime in the Prefix Information option. The value of 999999999 represents infinity. (Default: 2592000s). (Default: 2592000)

RAPreferredLifetime

The value to be placed in the Preferred Lifetime in the Prefix Information option. The value of 999999999 represents infinity. (Default: 604800s). (Default: 604800)

RAOnLinkFlag

Indicates that the advertised prefix can be used for on-link determination. (Default: True). (Default: Yes)

RAAutonomousFlag

Indicates that the advertised prefix can be used for stateless address configuration. (Default: True). (Default: Yes)