Table of Contents
Advertisement
Chapter 7 Firewalls
have access to network resources. The ZyXEL Device is pre-configured to automatically detect and
thwart all known DoS attacks.
Anti-Probing
If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response
packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The
ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed.
ICMP
Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams,
but the messages are processed by the TCP/IP software and directly apparent to the application
user.
DoS Thresholds
For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not
become fully established. These thresholds apply globally to all sessions. You can use the default
threshold values, or you can change them to values more suitable to your security requirements.
7.1.3 Firewall Rule Setup Example
The following Internet firewall rule example allows a hypothetical "MyService" connection from the
Internet.
Click Security > Firewall > Rules.
1
Select WAN to LAN in the Packet Direction field.
2
Figure 49 Firewall Example: Rules
86
P-660R-F1 Series User's Guide
Hide quick links:
Advertisement
Table of Contents
