Chapter 9 Firewalls
Table 57 Security > Firewall > Threshold (continued)
LABEL | DESCRIPTION |
TCP Maximum | An unusually high number of |
Incomplete | address could indicate that a DoS attack is being launched against the host. |
| Specify the number of existing |
| host IP address that causes the firewall to start dropping |
| that same destination host IP address. Enter a number between 1 and 256. As a |
| general rule, you should choose a smaller number for a smaller network, a slower |
| system or limited bandwidth. The ZyXEL Device sends alerts whenever the TCP |
| Maximum Incomplete is exceeded. |
Action taken when | Select the action that ZyXEL Device should take when the TCP maximum |
TCP Maximum | incomplete threshold is reached. You can have the ZyXEL Device either: |
Incomplete | Delete the oldest half open session when a new connection request comes. |
reached threshold | or |
| |
| Deny new connection requests for the number of minutes that you specify |
| (between 1 and 255). |
|
|
Apply | Click this to save your changes. |
|
|
Cancel | Click this to restore your previously saved settings. |
|
|
9.5 Firewall Technical Reference
This section provides some technical background information about the topics covered in this chapter.
9.5.1 Firewall Rules Overview
Your customized rules take precedence and override the ZyXEL Device’s default settings. The ZyXEL Device checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyXEL Device takes the action specified in the rule.
Firewall rules are grouped based on the direction of travel of packets to which they apply:
• | LAN to LAN/ Router | • | WAN to LAN |
• | LAN to WAN | • | WAN to WAN/ Router |
"The LAN includes both the LAN port and the WLAN.
By default, the ZyXEL Device’s stateful packet inspection allows packets traveling in the following directions:
•LAN to LAN/ Router
These rules specify which computers on the LAN can manage the ZyXEL Device (remote management) and communicate between networks or subnets connected to the LAN interface (IP alias).
166 |
| |
| ||
|
|
|