Table 44 Firewall: Threshold (continued)
LABEL
Maximum
Incomplete High
TCP Maximum
Incomplete
Action taken when the TCP Maximum Incomplete threshold is reached.
Delete the oldest
half open session
when new
connection
request comes
Deny new
connection
request for
Back
Apply
Cancel
11.7 Firewall Configuration Technical Reference
This section provides some technical background information about the topics covered in this
chapter.
11.7.1 Firewall Policies Overview
Firewall rules are grouped based on the direction of travel of packets to which they apply:
P-660W-Tx v2 User's Guide
DESCRIPTION
This is the number of existing half-open
sessions that causes the firewall to start
deleting half-open sessions. When the
number of existing half-open sessions rises
above this number, the ZyXEL Device deletes
half-open sessions as required to
accommodate new connection requests. Do
not set Maximum Incomplete High to lower
than the current Maximum Incomplete Low
number.
This is the number of existing half-open TCP
sessions with the same destination host IP
address that causes the firewall to start
dropping half-open sessions to that same
destination host IP address. Enter a number
between 1 and 256. As a general rule, you
should choose a smaller number for a smaller
network, a slower system or limited
bandwidth.
Select this radio button to clear the oldest half
open session when a new connection request
comes.
Select this radio button and specify for how
long the ZyXEL Device should block new
connection requests when TCP Maximum
Incomplete is reached.
Enter the length of blocking time in minutes
(between 1 and 256).
Click Back to return to the previous screen.
Click Apply to save your changes back to the ZyXEL Device.
Click Cancel to begin configuring this screen afresh.
•
LAN to LAN/ Router
•
LAN to WAN
Chapter 11 Firewall Configuration
DEFAULT VALUES
100 existing half-open sessions.
The above values causes the
ZyXEL Device to start deleting
half-open sessions when the
number of existing half-open
sessions rises above 100, and to
stop deleting half-open sessions
with the number of existing half-
open sessions drops below 80.
30 existing half-open TCP
sessions.
•
WAN to LAN
•
WAN to WAN/ Router
125