ZyXEL Communications ZyWall 10W User Manual page 186

ZyWALL Series Internet Security Gateway
LABEL
TCP Maximum
Incomplete
Blocking Time
(min)
Apply
Reset
12-28
Table 12-8 Attack Alert
DESCRIPTION
This is the number of existing half-open TCP
sessions with the same destination host IP
address that causes the firewall to start
dropping half-open sessions to that same
destination host IP address. Enter a number
between 1 and 256. As a general rule, you
should choose a smaller number for a smaller
network, a slower system or limited bandwidth.
When TCP Maximum Incomplete is reached
you can choose if the next session should be
allowed or blocked. If you check Blocking
Time any new sessions will be blocked for the
length of time you specify in the next field (min)
and all old incomplete sessions will be cleared
during this period. If you want strong security, it
is better to block the
traffic for a short time, as it will give the server
some time to digest the loading.
Enter the length of Blocking Time in minutes.
Click Apply to save your changes back to the ZyWALL.
Click Reset to begin configuring this screen afresh.
DEFAULT VALUES
10 existing half-open TCP
sessions (30 in the ZyWALL 10W,
30W and 100).
Select this check box to specify a
number in minutes (min) text box.
0
Firewall Screens