Chapter 12 Firewall Configuration
Table 71 Firewall: Threshold (continued)
LABEL | DESCRIPTION |
| DEFAULT VALUES |
Maximum | This is the number of existing |
| 100 existing |
Incomplete High | sessions that causes the firewall to start |
| The above values causes the |
| deleting |
| ZyXEL Device to start deleting |
| number of existing |
| |
| above this number, the ZyXEL Device |
| number of existing |
| deletes |
| sessions rises above 100, and to |
| accommodate new connection requests. Do |
| stop deleting |
| not set Maximum Incomplete High to lower |
| with the number of existing half- |
| than the current Maximum Incomplete Low |
| open sessions drops below 80. |
| number. |
|
|
|
|
|
|
TCP Maximum | This is the number of existing |
| 10 existing |
Incomplete | sessions with the same destination host IP |
| sessions. |
| address that causes the firewall to start |
|
|
| dropping |
|
|
| destination host IP address. Enter a number |
|
|
| between 1 and 256. As a general rule, you |
|
|
| should choose a smaller number for a smaller |
|
|
| network, a slower system or limited |
|
|
| bandwidth. |
|
|
|
|
|
|
Action taken when TCP Maximum Incomplete threshold is reached. |
| ||
|
|
|
|
Delete the Oldest | Select this radio button to clear the oldest half |
|
|
Half Open | open session when a new connection request |
|
|
Session when | comes. |
|
|
New Connection |
|
|
|
Request Comes |
|
|
|
|
|
|
|
Deny New | Select this radio button and specify for how |
|
|
Connection | long the ZyXEL Device should block new |
|
|
Request for | connection requests when TCP Maximum |
|
|
| Incomplete is reached. |
|
|
| Enter the length of blocking time in minutes |
|
|
| (between 1 and 255). |
|
|
|
|
| |
Apply | Click Apply to save your changes to the ZyXEL Device. | ||
|
| ||
Cancel | Click Cancel to begin configuring this screen afresh. | ||
|
|
|
|
| 193 |
|
|