Configuring Firewall Thresholds - ZyXEL Communications VMG1312-T10C User Manual

Wireless 2x2 802.11n VDSL2 4-port gateway with USB

Chapter 14 Firewall
4 Network bandwidth.
5 Type of traffic for certain servers.
Reduce the threshold values if your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy).
• If you often use P2P applications such as file sharing with eMule or eDonkey, it's recommended that you increase the threshold values, since lots of sessions will be established within a short period of time and the Device may classify them as DoS attacks.

14.5.2 Configuring Firewall Thresholds

Click Security > Firewall > DoS > Advanced to display the following screen.
Figure 112 Security > Firewall > DoS > Advanced
The following table describes the labels in this screen.
Table 67 Security > Firewall > DoS > Advanced
| LABEL | DESCRIPTION |
| --- | --- |
| TCP SYN-Request Count | This is the rate of new TCP half-open sessions per second that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Device deletes half-open sessions as required to accommodate new connection attempts. |
| UDP Packet Count | This is the rate of new UDP half-open sessions per second that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Device deletes half-open sessions as required to accommodate new connection attempts. |
| ICMP Echo-Request Count | This is the rate of new ICMP Echo-Request half-open sessions per second that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Device deletes half-open sessions as required to accommodate new connection attempts. |
| ICMP Redirect | Select Enable to monitor for and block ICMP redirect attacks. An ICMP redirect attack is one where forged ICMP redirect messages can force the client device to route packets for certain connections through an attacker's host. |
| DoS Log (Log Level: DEBUG) | Select Enable to log DoS attacks. See Section 17.2 on page 182 for information on viewing logs. |
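The following is an added example, not ZyXEL firmware code: a simplified model of the TCP SYN-Request Count threshold from the table, run over a constructed P2P-style burst to show why the note above recommends raising the value for such traffic. The one-second sliding window, the oldest-first deletion policy, the function name `simulate` and the sample events are all assumptions made for illustration.

```python
from collections import deque

WINDOW_MS = 1000  # assumed: the rate is measured over a one-second sliding window


def simulate(events, threshold):
    """events: (time_ms, label, handshake_delay_ms); delay None = never completes.
    Returns (peak new sessions per second, labels of deleted half-open sessions)."""
    recent = deque()   # start times of sessions opened within the last second
    half_open = []     # (start, label, done_at) for sessions not yet established
    deleted, peak = [], 0
    for t, label, delay in sorted(events, key=lambda e: e[0]):
        # Drop start times that have aged out of the one-second window.
        while recent and t - recent[0] >= WINDOW_MS:
            recent.popleft()
        # Sessions whose handshake has finished are no longer half-open.
        half_open = [s for s in half_open if s[2] is None or s[2] > t]
        recent.append(t)
        half_open.append((t, label, None if delay is None else t + delay))
        peak = max(peak, len(recent))
        if len(recent) > threshold:
            # Assumed policy: delete the oldest half-open session to make room.
            deleted.append(half_open.pop(0)[1])
    return peak, deleted


# Constructed sample: light browsing, then 40 P2P connection attempts in under
# one second to slow peers that need 500 ms to complete the handshake.
EVENTS = [(1000 * k, f"web-{k}", 50) for k in range(1, 6)]
EVENTS += [(10000 + 20 * i, f"p2p-{i}", 500) for i in range(40)]

if __name__ == "__main__":
    for limit in (20, 50):
        peak, deleted = simulate(EVENTS, limit)
        print(f"threshold={limit}: peak={peak}/s, deleted={len(deleted)}")
```

In this model a threshold of 20 deletes half of the legitimate P2P handshakes, while a threshold above the measured peak deletes none.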
VMG1312-T10C User's Guide
