Table 44 Firewall: Threshold







Denial of Service






One Minute Low

This is the rate of new half-open sessions that

80 existing half-open sessions.


causes the firewall to stop deleting half-open



sessions. The Prestige continues to delete



half-open sessions as necessary, until the



rate of new connection attempts drops below



this number.


One Minute High

This is the rate of new half-open sessions that

100 half-open sessions per minute.


causes the firewall to start deleting half-open

The above numbers cause the


sessions. When the rate of new connection

Prestige to start deleting half-open


attempts rises above this number, the

sessions when more than 100


Prestige deletes half-open sessions as

session establishment attempts


required to accommodate new connection

have been detected in the last



minute, and to stop deleting half-



open sessions when fewer than 80



session establishment attempts



have been detected in the last





This is the number of existing half-open

80 existing half-open sessions.

Incomplete Low

sessions that causes the firewall to stop



deleting half-open sessions. The Prestige



continues to delete half-open requests as



necessary, until the number of existing half-



open sessions drops below this number.



This is the number of existing half-open

100 existing half-open sessions.

Incomplete High

sessions that causes the firewall to start

The above values causes the


deleting half-open sessions. When the

Prestige to start deleting half-open


number of existing half-open sessions rises

sessions when the number of


above this number, the Prestige deletes half-

existing half-open sessions rises


open sessions as required to accommodate

above 100, and to stop deleting


new connection requests. Do not set

half-open sessions with the


Maximum Incomplete High to lower than the

number of existing half-open


current Maximum Incomplete Low number.

sessions drops below 80.

TCP Maximum

This is the number of existing half-open TCP

30 existing half-open TCP


sessions with the same destination host IP



address that causes the firewall to start



dropping half-open sessions to that same



destination host IP address. Enter a number



between 1 and 256. As a general rule, you



should choose a smaller number for a smaller



network, a slower system or limited





Action taken when the TCP Maximum Incomplete threshold is reached.




Delete the oldest

Select this radio button to clear the oldest half


half open session

open session when a new connection request


when new






request comes



