ZyXEL Communications Vantage CNM 2.3 User Manual page 133

screen. The global values specified for the threshold and timeout apply to all TCP
connections.
Figure 53 Device Operation > Device Configuration > Security > Firewall >
Threshold
The following table describes the labels in this screen.
Table 46 Device Operation > Device Configuration > Security > Firewall >
Threshold
LABEL
Disable DoS
Attack Protection
on
Denial of Service
Thresholds
One Minute Low
Vantage CNM User's Guide
DESCRIPTION
Select the interface(s) (or VPN tunnels) for which you want the device
to not use the Denial of Service protection thresholds. This disables
DoS protection on the selected interface (or all VPN tunnels).
You may want to disable DoS protection for an interface if the device is
treating valid traffic as DoS attacks. Another option would be to raise
the thresholds.
The device measures both the total number of existing half-open
sessions and the rate of session establishment attempts. Both TCP and
UDP half-open sessions are counted in the total number and rate
measurements. Measurements are made once a minute.
This is the rate of new half-open sessions per minute that causes the
firewall to stop deleting half-open sessions. The device continues to
delete half-open sessions as necessary, until the rate of new
connection attempts drops below this number.
Chapter 6 Device Security Settings
133