Vantage CNM 2.0 User's Guide
Table 65 Configuration > Firewall > DoS Settings (continued)

| LABEL | DESCRIPTION | EXAMPLE VALUES |
| --- | --- | --- |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. | 10 existing half-open TCP sessions |
| Blocking Time | When TCP Maximum Incomplete is reached, you can choose if the next session should be allowed or blocked. If you check Blocking Time, any new sessions will be blocked for the length of time you specify in the next field (min) and all old incomplete sessions will be cleared during this period. If you want strong security, it is better to block the traffic for a short time, as it will give the server some time to digest the loading. | Select this check box to specify a number in the minutes (min) text box. |
| (minutes) | Enter the length of Blocking Time in minutes. | 0 |
| Save | Click Save to save your changes and return to the previous screen. | |
| Cancel | Click Cancel to return to the previous screen. | |

12.5.3 Add/Edit a Firewall Rule

Each device has a different number of rules and custom ports; see the device User Guide for more details.

In Figure 80 on page 183, select an existing rule to edit it or click Add to create a new firewall rule.
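The TCP Maximum Incomplete and Blocking Time settings described in Table 65 can be compared with a small model. This is an added example, not code from the guide or the device: the function names and the sample traffic are constructed, and dropping the oldest half-open session when Blocking Time is unchecked is an assumption.

```python
from collections import Counter

def simulate(events, max_incomplete=10, blocking=False, minutes=0):
    """Model TCP Maximum Incomplete and Blocking Time for a stream of events.

    events: (time_s, kind, dst_ip, session_id), kind is "syn" or "ack".
    Returns a list of (time_s, dst_ip, session_id, verdict).
    """
    if not 1 <= max_incomplete <= 256:
        raise ValueError("TCP Maximum Incomplete must be between 1 and 256")
    half_open = {}      # dst_ip -> session ids still waiting to finish the handshake
    blocked_until = {}  # dst_ip -> second at which the blocking window ends
    out = []
    for t, kind, dst, sid in sorted(events):
        pending = half_open.setdefault(dst, [])
        if kind == "ack":                 # handshake finished, no longer half-open
            if sid in pending:
                pending.remove(sid)
        elif t < blocked_until.get(dst, 0):
            out.append((t, dst, sid, "blocked"))   # inside the Blocking Time window
        elif len(pending) < max_incomplete:
            pending.append(sid)
            out.append((t, dst, sid, "allowed"))
        elif blocking:
            # Threshold reached, Blocking Time checked: refuse the new session,
            # clear the old incomplete ones and start the window.
            pending.clear()
            blocked_until[dst] = t + minutes * 60
            out.append((t, dst, sid, "blocked"))
        else:
            # Threshold reached, Blocking Time unchecked: the next session is
            # allowed. Assumption: the oldest half-open session is dropped.
            out.append((t, dst, pending.pop(0), "dropped"))
            pending.append(sid)
            out.append((t, dst, sid, "allowed"))
    return out

def tally(results):
    """Count verdicts so the two configurations can be compared."""
    return Counter(verdict for *_, verdict in results)

# Constructed sample: 12 unanswered SYNs, then two ordinary clients.
DST = "192.0.2.10"
SAMPLE = [(i, "syn", DST, f"s{i}") for i in range(12)] + [
    (30, "syn", DST, "u1"), (31, "ack", DST, "u1"), (75, "syn", DST, "u2")]

if __name__ == "__main__":
    print("blocking 1 min:", dict(tally(simulate(SAMPLE, 10, True, 1))))
    print("no blocking:   ", dict(tally(simulate(SAMPLE, 10, False))))
```

With the sample traffic, the one-minute window also refuses the ordinary client that connects at 30 seconds, which is the trade-off to weigh when choosing the blocking time.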
Chapter 12 Configuration > Firewall