ZyXEL P-660HW-T1 v3 User Guide - Page 190
What You Need to Know About Firewall
View all ZyXEL P-660HW-T1 v3 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 190 highlights
Chapter 10 Firewalls • Use the Threshold screen (Section 10.4 on page 202) to set the thresholds that the ZyXEL Device uses to determine when to start dropping sessions that do not become fully established (half-open sessions). 10.1.2 What You Need to Know About Firewall DoS Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. ICMP Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user. DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements. Finding Out More • See Section 10.1.3 on page 191 for an example of setting up a firewall. • See Section 10.5 on page 205 for advanced technical information on firewall. 190 P-660HW-Tx v3 Series User's Guide