ZyXEL Communications ZyWALL 10 User Manual page 180

Field
TCP Maximum
Incomplete
Blocking Time
(min)
When you have finished, click Apply to save your customized settings and exit this screen,
Cancel to exit this screen without saving, or Help for online HTML help on fields in this screen.
Introducing the ZyWALL Web Configurator
Description
rises above this number, the ZyWALL
deletes half-open sessions as required to
accommodate new connection requests.
Do not set Maximum Incomplete High to
lower than the current Max-Incomplete
Low number.
This is the number of existing half-open
TCP sessions with the same destination
host IP address that causes the firewall to
start dropping half-open sessions to that
same destination host IP address. Enter a
number between 1 and 250. As a general
rule, you should choose a smaller number
for a smaller network, a slower system or
limited bandwidth.
When TCP Maximum Incomplete is
reached you can choose if the next
session should be allowed or blocked. If
you check Blocking Time any new
sessions will be blocked for the length of
time you specify in the next field (min)
and all old incomplete sessions will be
cleared during this period. If you want
strong security, it is better to block the
traffic for a short time, as it will give the
server some time to digest the loading.
Enter the length of Blocking Time in
minutes.
ZyWALL 10 Internet Security Gateway
Default Values
half-open sessions when
the number of existing
half-open sessions rises
above 100, and to stop
deleting half-open
sessions with the number
of existing half-open
sessions drops below 80:
10 existing half-open TCP
sessions
Check this checkbox to
specify a number in
minutes (min) text box.
10
15-11