ZyXEL Communications ZyWall 35 User Manual page 198

Internet security appliance

ZyWALL 35 User's Guide
Table 61 Firewall Threshold (continued)
| LABEL | DESCRIPTION |
| --- | --- |
| One Minute High | This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection attempts. The numbers, say 80 in the One Minute Low field and 100 in this field, cause the ZyWALL to start deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 80 session establishment attempts have been detected in the last minute. |
| Maximum Incomplete Low | This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyWALL continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. The above values, say 80 in the Maximum Incomplete Low field and 100 in this field, cause the ZyWALL to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half open session when a new connection request comes. |
| Deny new connection request for | Select this radio button and specify for how long the ZyWALL should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
Chapter 10 Firewall Screens
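
The Maximum Incomplete High/Low hysteresis and the two TCP Maximum Incomplete actions described in Table 61 can be modelled as below. This is an added illustration, not ZyXEL code: the class and method names are hypothetical, and it assumes one oldest half-open session is deleted per new request while the firewall is in its deleting state, and that under the Deny action the request that hits the limit is itself denied.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Toy model of the Table 61 thresholds; not ZyWALL firmware logic."""

    def __init__(self, max_low=80, max_high=100, tcp_max=10, deny_minutes=None):
        if max_high < max_low:
            raise ValueError("Maximum Incomplete High must not be below Low")
        self.max_low, self.max_high = max_low, max_high
        self.tcp_max = tcp_max              # TCP Maximum Incomplete (per destination)
        self.deny_minutes = deny_minutes    # None selects "delete the oldest"
        self.half_open = OrderedDict()      # session id -> destination, oldest first
        self.deleting = False               # True between the High and Low marks
        self.blocked_until = {}             # destination -> minute the block ends

    def _update_mode(self):
        n = len(self.half_open)
        if n > self.max_high:               # rose above High: start deleting
            self.deleting = True
        elif n < self.max_low:              # dropped below Low: stop deleting
            self.deleting = False

    def syn(self, sid, dst, now=0):
        """New connection request at minute `now`; returns 'accepted' or 'denied'."""
        if now < self.blocked_until.get(dst, 0):
            return "denied"
        to_dst = [s for s, d in self.half_open.items() if d == dst]
        if len(to_dst) >= self.tcp_max:
            if self.deny_minutes is not None:
                self.blocked_until[dst] = now + self.deny_minutes
                return "denied"
            del self.half_open[to_dst[0]]           # oldest to this destination
        if self.deleting and self.half_open:
            self.half_open.popitem(last=False)      # oldest overall makes room
        self.half_open[sid] = dst
        self._update_mode()
        return "accepted"

    def established(self, sid):
        """Handshake completed (or timed out): session is no longer half-open."""
        self.half_open.pop(sid, None)
        self._update_mode()
```

With the table's example values (Low 80, High 100), the model enters the deleting state at the 101st half-open session and leaves it only once the count falls to 79, which is the gap between the two thresholds that keeps the firewall from flapping.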
