ZyWALL 2 Series User’s Guide

 

Table 11-6 Attack Alert

 

 

 

 

LABEL

DESCRIPTION

DEFAULT VALUES

 

 

 

Generate alert when

A detected attack automatically generates a

 

attack detected

log entry. Check this box to generate an alert

 

 

(as well as a log) whenever an attack is

 

 

detected. See the chapter on logs for more

 

 

information on logs and alerts.

 

 

 

 

Denial of Service Thresholds

 

 

 

 

One Minute Low

This is the rate of new half-open sessions that

80 existing half-open sessions.

 

causes the firewall to stop deleting half-open

 

 

sessions. The ZyWALL continues to delete

 

 

half-open sessions as necessary, until the

 

 

rate of new connection attempts drops below

 

 

this number.

 

 

 

 

One Minute High

This is the rate of new half-open sessions that

100 half-open sessions per

 

causes the firewall to start deleting half-open

minute. The above numbers

 

sessions. When the rate of new connection

cause the ZyWALL to start

 

attempts rises above this number, the

deleting half-open sessions when

 

ZyWALL deletes half-open sessions as

more than 100 session

 

required to accommodate new connection

establishment attempts have

 

attempts.

been detected in the last minute,

 

 

and to stop deleting half-open

 

 

sessions when fewer than 80

 

 

session establishment attempts

 

 

have been detected in the last

 

 

minute.

Maximum Incomplete

This is the number of existing half-open

80 existing half-open sessions.

Low

sessions that causes the firewall to stop

 

 

deleting half-open sessions. The ZyWALL

 

 

continues to delete half-open requests as

 

 

necessary, until the number of existing half-

 

 

open sessions drops below this number.

 

 

 

 

Firewall Screens

11-23