Enable incremental updates to IDP, GAV, and SPY signature databases.Minimum HTTP header length (0 to disable): 0.
that trigger on TCP Streams with unidentified protocols.Do not apply signatures containing file offset qualifiers.Disable Gateway AV SMB read/write ordering enforcement.Disable App-Firewall SMTP CHUNKING modification.Disable TCP expected sequence adjustment in DPI.Refresh sub-domains of wildcard FQDN address objects.Protect against TCP State Manipulation DoS.Decrease connection count immediately after TCP connection close.Enable to bandwidth manage WAN to WAN traffic.Enable Tracking Bandwidth Usage for default traffic.Allow TCP/UDP packet with source port being zero to pass through the firewall.
Update route version when a route is enabled/disabled (affects existing connections).Flush flows on an alternate path when normal route path is enabled (affects existing connections).
Ignore ARPs with primary gateways MAC received on other interfaces.Periodically broadcast system ARPs every 60 minutes.Never broadcast more than 100 Gratuitous ARPs in any 60 second period.Enable Gratuitous ARP Compatibility Mode.Bypass ARP processing on L2 bridge interfaces.Only allow ARP entries with unicast addresses.
It appears to be available in all of the TZ series devices, the SOHO, and likely others. Earlier I stumbled across a hidden set of features and settings in a TZ215 by going to /diag.html and figured I'd share this with everyone in case you were unaware of it as I was.