Chapter 11 Firewall
The following table describes the labels in this screen.
Table 52 SECURITY > FIREWALL >
LABEL | DESCRIPTION |
Respond to PING on | Select the check boxes of the interfaces that you want to reply to incoming Ping requests. Clear an interface’s check box to have the ZyWALL not respond to any Ping requests that come into that interface. |
Do not respond to requests for unauthorized services. | Select this option to prevent hackers from finding the ZyWALL by probing for unused ports. If you select this option, the ZyWALL will not respond to port request(s) for unused ports, thus leaving the unused ports and the ZyWALL unseen. If this option is not selected, the ZyWALL will reply with an ICMP port unreachable packet for a port probe on its unused UDP ports and a TCP reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the ZyWALL's firewall rule checks before reaching this [...] stops a probing packet, the ZyWALL reacts based on the firewall rule to either send a TCP reset packet for a blocked TCP packet (or an ICMP packet for a blocked UDP packet) or just drop the packets without sending a response packet. |
Apply | Click Apply to save your changes back to the ZyWALL. |
Reset | Click Reset to begin configuring this screen afresh. |
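To confirm from a packet capture which of the behaviours in the table a device shows, the reply to a probe of an unused port can be classified as below. This is an added example, not code from the User's Guide or from ZyXEL; the function names and the sample packets (documentation addresses, zeroed checksums) are constructed for illustration. As the table notes, a firewall rule can produce the same silence or the same reset before this option is ever consulted, so the result describes the device's visible behaviour, not which setting caused it.

```python
import socket
import struct

def classify_reply(pkt):
    """Classify the raw IPv4 reply to a probe of an unused port (None = no reply)."""
    if pkt is None:
        return "silent"  # option selected, or a firewall rule dropped the probe
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "unparsed"
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or ihl > len(pkt):
        return "unparsed"
    proto, body = pkt[9], pkt[ihl:]
    if proto == 1 and len(body) >= 2 and body[0] == 3 and body[1] == 3:
        return "icmp-port-unreachable"  # ICMP type 3 (dest unreachable), code 3 (port)
    if proto == 6 and len(body) >= 14 and body[13] & 0x04:
        return "tcp-reset"  # RST bit set in the TCP flags byte
    return "other"

def reveals_device(kind):
    """True when the reply tells a prober that a host exists at the address."""
    return kind in ("icmp-port-unreachable", "tcp-reset")

# --- constructed sample packets (documentation addresses, checksums left at 0) ---
def _ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.10"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# ICMP header (type 3, code 3) followed by 28 zero bytes standing in for the quoted probe
SAMPLE_UDP_REPLY = _ipv4(1, struct.pack("!BBHI", 3, 3, 0, 0) + bytes(28))
# Minimal 20-byte TCP header with flags 0x14 (RST|ACK)
SAMPLE_TCP_REPLY = _ipv4(6, struct.pack("!HHIIBBHHH", 8081, 40000, 0, 1, 0x50, 0x14, 0, 0, 0))
SAMPLE_NO_REPLY = None  # the capture shows nothing before the timeout

if __name__ == "__main__":
    for name, pkt in [("udp", SAMPLE_UDP_REPLY), ("tcp", SAMPLE_TCP_REPLY),
                      ("timeout", SAMPLE_NO_REPLY)]:
        kind = classify_reply(pkt)
        print(name, kind, "reveals device" if reveals_device(kind) else "does not reveal")
```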
11.11 Firewall Thresholds
For DoS attacks, the ZyWALL uses thresholds to determine when to start dropping sessions that do not become fully established.
For TCP,
Figure 140
For UDP,
ZyWALL 2 Plus User’s Guide