ZyWALL 5/35/70 Series User’s Guide

Table 72 Firewall Threshold (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Maximum Incomplete High | This is the number of existing [...] deleting [...] rises above this number, the ZyWALL deletes [...] accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. The above values, say 80 in the Maximum Incomplete Low field and 100 in this field, cause the ZyWALL to start deleting [...] existing [...] sessions with the number of existing [...] |
| TCP Maximum Incomplete | This is the number of existing [...] host IP address that causes the firewall to start dropping [...] that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half open session when a new connection request comes. |
| Deny new connection request for | Select this radio button and specify for how long the ZyWALL should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |

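The following Python model is an added illustration, not ZyXEL code and not taken from the guide: it contrasts the two actions in the table once TCP Maximum Incomplete is reached for one destination host. The class, function and return-string names are hypothetical, and it assumes the action fires when a request arrives while the half-open count for that destination already equals the limit.

```python
from collections import defaultdict, deque

class HalfOpenTracker:
    """Toy model of a per-destination limit on half-open TCP sessions."""

    def __init__(self, tcp_max_incomplete, action="delete_oldest", deny_minutes=1):
        if not 1 <= tcp_max_incomplete <= 256:
            raise ValueError("TCP Maximum Incomplete must be between 1 and 256")
        if action == "deny" and not 1 <= deny_minutes <= 256:
            raise ValueError("blocking time must be between 1 and 256 minutes")
        self.limit = tcp_max_incomplete
        self.action = action
        self.deny_seconds = deny_minutes * 60
        self.half_open = defaultdict(deque)  # dst -> (src, sport), oldest first
        self.blocked_until = {}              # dst -> time new requests resume

    def on_syn(self, src, sport, dst, now):
        """Handle a new connection request; return what the model did."""
        if now < self.blocked_until.get(dst, 0):
            return "denied"
        pending = self.half_open[dst]
        if len(pending) < self.limit:
            pending.append((src, sport))
            return "accepted"
        if self.action == "delete_oldest":
            pending.popleft()                # clear the oldest half-open session
            pending.append((src, sport))
            return "accepted_after_evict"
        # "Deny new connection request for N minutes"
        self.blocked_until[dst] = now + self.deny_seconds
        return "denied"

    def on_established(self, src, sport, dst):
        """Handshake completed: the session is no longer half-open."""
        try:
            self.half_open[dst].remove((src, sport))
        except ValueError:
            pass                             # unknown or already evicted

def replay(tracker, events):
    """events: constructed (time_s, src, sport, dst) connection requests."""
    return [tracker.on_syn(s, p, d, t) for t, s, p, d in events]

# Constructed sample: five requests to one server that never complete,
# followed by one request from another client 65 seconds in.
SAMPLE = [(i, "198.51.100.7", 40000 + i, "192.0.2.10") for i in range(5)]
SAMPLE.append((65, "203.0.113.9", 50000, "192.0.2.10"))
```

In this model the deny action also turns away legitimate clients of the affected destination until the blocking time expires, while the delete-oldest action keeps accepting requests at the cost of dropping pending handshakes.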
11.11 Service
Click SECURITY, FIREWALL, then the Service tab to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the ZyWALL.
Chapter 11 Firewall Screens | 226 |