ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual page 180

ZyWALL 2 Series User's Guide
LABEL
Maximum Incomplete
High
TCP Maximum
Incomplete
Blocking Period
(min)
Apply
Reset
11-24
Table 11-6 Attack Alert
DESCRIPTION
This is the number of existing half-open
sessions that causes the firewall to start
deleting half-open sessions. When the
number of existing half-open sessions rises
above this number, the ZyWALL deletes half-
open sessions as required to accommodate
new connection requests. Do not set
Maximum Incomplete High to lower than the
current Maximum Incomplete Low number.
This is the number of existing half-open TCP
sessions with the same destination host IP
address that causes the firewall to start
dropping half-open sessions to that same
destination host IP address. Enter a number
between 1 and 256. As a general rule, you
should choose a smaller number for a smaller
network, a slower system or limited
bandwidth.
When TCP Maximum Incomplete is reached
you can choose if the next session should be
allowed or blocked. If you check Blocking
Period any new sessions will be blocked for
the length of time you specify in the next field
(min) and all old incomplete sessions will be
cleared during this period. If you want strong
security, it is better to block the
traffic for a short time, as it will give the server
some time to digest the loading.
Enter the length of Blocking Period in
minutes.
Click Apply to save your changes back to the ZyWALL.
Click Reset to begin configuring this screen afresh.
DEFAULT VALUES
100 existing half-open sessions.
The above values causes the
ZyWALL to start deleting half-
open sessions when the number
of existing half-open sessions
rises above 100, and to stop
deleting half-open sessions with
the number of existing half-open
sessions drops below 80.
30 existing half-open TCP
sessions.
Select this check box to specify a
number in minutes (min) text
box.
0
Firewall Screens