Prestige 2602HW Series User’s Guide

Table 54 Firewall: Threshold (continued)

| LABEL | DESCRIPTION | DEFAULT VALUES |
| --- | --- | --- |
| One Minute High | This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts. | 100 half-open sessions per minute. The above numbers cause the Prestige to start deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 80 session establishment attempts have been detected in the last minute. |
| Maximum Incomplete Low | This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. | 80 existing half-open sessions. |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. | 100 existing half-open sessions. The above values cause the Prestige to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. | 30 existing half-open TCP sessions. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half open session when a new connection request comes. | |
| Deny new connection request for | Select this radio button and specify for how long the Prestige should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). | |
| Back | Click Back to return to the previous screen. | |
| Apply | Click Apply to save your changes back to the Prestige. | |
| Cancel | Click Cancel to begin configuring this screen afresh. | |
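
The following Python model is an added example, not code from the Prestige or from this guide. It shows how the Maximum Incomplete Low/High pair and the TCP Maximum Incomplete limit interact, using the default values above. The class and method names are hypothetical, and two behaviours the table does not specify are assumed: the session deleted under the global thresholds is the oldest one, and a "deny" block applies to the affected destination only. The One Minute High rate threshold is not modelled.

```python
class HalfOpenTable:
    """Toy model of the Table 54 thresholds; not the Prestige's own code."""

    def __init__(self, max_low=80, max_high=100, tcp_max=30,
                 action="delete_oldest", block_minutes=1):
        if max_high < max_low:
            raise ValueError("Maximum Incomplete High is below Maximum Incomplete Low")
        if not (1 <= tcp_max <= 256 and 1 <= block_minutes <= 256):
            raise ValueError("TCP Maximum Incomplete and blocking time must be 1-256")
        self.max_low, self.max_high, self.tcp_max = max_low, max_high, tcp_max
        self.action, self.block_seconds = action, block_minutes * 60
        self.sessions = {}        # session id -> destination IP, oldest first
        self.blocked_until = {}   # destination IP -> time (s) the block ends
        self.deleting = False     # set above High, cleared below Low

    def to_host(self, dst):
        """Session ids of half-open sessions to one destination, oldest first."""
        return [sid for sid, d in self.sessions.items() if d == dst]

    def new_attempt(self, now, sid, dst):
        """Record a new half-open session; return "accepted" or "denied"."""
        if now < self.blocked_until.get(dst, 0):
            return "denied"
        host = self.to_host(dst)
        if len(host) >= self.tcp_max:              # TCP Maximum Incomplete reached
            if self.action == "deny":
                # Assumption: the block covers this destination only.
                self.blocked_until[dst] = now + self.block_seconds
                return "denied"
            del self.sessions[host[0]]             # delete oldest to this host
        elif self.deleting and self.sessions:
            # Assumption: the victim is the oldest session overall.
            del self.sessions[next(iter(self.sessions))]
        self.sessions[sid] = dst
        if len(self.sessions) > self.max_high:     # rose above High: start deleting
            self.deleting = True
        return "accepted"

    def completed(self, sid):
        """Handshake finished or timed out, so the session is no longer half-open."""
        self.sessions.pop(sid, None)
        if len(self.sessions) < self.max_low:      # dropped below Low: stop deleting
            self.deleting = False

if __name__ == "__main__":
    t = HalfOpenTable()
    for i in range(35):                            # constructed burst to one host
        t.new_attempt(0, i, "192.0.2.10")
    print(len(t.to_host("192.0.2.10")), "half-open sessions kept")
```

Because deletion starts above High and stops only below Low, the table does not flap between the two states while the session count sits between 80 and 100.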

 

 

 


Chapter 14 Firewall Configuration