ZyXEL Communications ZyWALL 5 User Manual page 159

LABEL
Maximum This is the number of existing half-open sessions that causes the firewall to start
Incomplete High deleting half-open sessions. When the number of existing half-open sessions rises
above this number, the ZyWALL deletes half-open sessions as required to
accommodate new connection requests. Do not set Maximum Incomplete High to
lower than the current Maximum Incomplete Low number.
The above values, say 80 in the Maximum Incomplete Low field and 100 in this field,
cause the ZyWALL to start deleting half-open sessions when the number of existing
half-open sessions rises above 100, and to stop deleting half-open sessions with the
number of existing half-open sessions drops below 80.
TCP Maximum This is the number of existing half-open TCP sessions with the same destination host
Incomplete IP address that causes the firewall to start dropping half-open sessions to that same
destination host IP address. Enter a number between 1 and 256. As a general rule, you
should choose a smaller number for a smaller network, a slower system or limited
bandwidth.
Action taken when the TCP Maximum Incomplete threshold is reached.
Delete the oldest Select this radio button to clear the oldest half open session when a new connection
half open session request comes.
when new
connection request
comes
Deny new Select this radio button and specify for how long the ZyWALL should block new
connection request connection requests when TCP Maximum Incomplete is reached.
for
Enter the length of blocking time in minutes (between 1 and 256).
Click Apply to save your changes back to the ZyWALL.
Apply
Reset Click Reset to begin configuring this screen afresh.
Firewall Screens
Table 10-8 Firewall Threshold
DESCRIPTION
ZyWALL 5 Internet Security Appliance
10-21