ZyWALL 5/35/70 Series User’s Guide

 

Table 72 Firewall Threshold (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. The above values, say 80 in the Maximum Incomplete Low field and 100 in this field, cause the ZyWALL to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half open session when a new connection request comes. |
| Deny new connection request for | Select this radio button and specify for how long the ZyWALL should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
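The following Python sketch is an added illustration, not ZyWALL firmware code or part of the original guide: it models how the Maximum Incomplete High/Low pair and the two TCP Maximum Incomplete actions in Table 72 interact, so you can see the effect of candidate values before applying them. Assumptions: the model trims the oldest sessions in one step once the high mark is exceeded, treats the per-host threshold as reached when the count equals it, and uses a constructed per-host value of 10 and constructed addresses.

```python
from collections import deque

class HalfOpenModel:
    """Toy model of the Table 72 thresholds; not ZyWALL firmware code."""

    def __init__(self, low=80, high=100, tcp_max=10, deny_minutes=None):
        if high < low:
            raise ValueError("Maximum Incomplete High must not be lower than Low")
        self.low, self.high, self.tcp_max = low, high, tcp_max
        self.deny_minutes = deny_minutes  # None selects "delete the oldest"
        self.sessions = deque()           # (dst_ip, minute), oldest first
        self.blocked_until = {}           # dst_ip -> minute the block ends

    def count(self, dst=None):
        """Half-open sessions in total, or to one destination host."""
        return sum(1 for d, _ in self.sessions if dst in (None, d))

    def syn(self, dst, minute):
        """Process one new connection request; return 'accepted' or 'denied'."""
        if minute < self.blocked_until.get(dst, 0):
            return "denied"
        if self.count(dst) >= self.tcp_max:          # TCP Maximum Incomplete reached
            if self.deny_minutes is not None:        # "Deny new connection request for"
                self.blocked_until[dst] = minute + self.deny_minutes
                return "denied"
            oldest = next(s for s in self.sessions if s[0] == dst)
            self.sessions.remove(oldest)             # "Delete the oldest half open session"
        self.sessions.append((dst, minute))
        if len(self.sessions) > self.high:           # rose above Maximum Incomplete High
            while len(self.sessions) >= self.low:    # stop once below Maximum Incomplete Low
                self.sessions.popleft()              # assumption: oldest deleted first
        return "accepted"

def flood_distinct(model, n):
    """Constructed input: n requests, each to a different destination host."""
    for i in range(n):
        model.syn(f"10.0.{i // 250}.{i % 250 + 1}", minute=0)
    return model.count()

if __name__ == "__main__":
    print(flood_distinct(HalfOpenModel(), 100))   # at the high mark, nothing deleted
    print(flood_distinct(HalfOpenModel(), 101))   # above high: trimmed to below low
    deny = HalfOpenModel(deny_minutes=5)
    print([deny.syn("192.0.2.10", 0) for _ in range(11)][-1], deny.syn("192.0.2.10", 4))
```

Note that with the deny action, legitimate clients of the targeted host are also refused for the whole blocking period, which is the trade-off to weigh against the delete-oldest action.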

 

 

 

11.11 Service

Click SECURITY, FIREWALL, then the Service tab to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the ZyWALL.

Chapter 11 Firewall Screens
