ZyXEL VFG6005 User Guide - Page 47

CHAPTER7 SECURITY SETTINGS 7.1 FIREWALL SETUP 1. Click on [Security] - [Firewall] tab. You will see the following screen. 2. Configure Security Settings following the instructions below. SPI Firewall Protection TCP SYN DoS Protection Select Enable to enable SPI Firewall Protection. Select Disable to disable SPI Firewall Protection. Check to enable TCP SYN DoS Protection. Uncheck to disable TCP SYN DoS Protection. TCP SYN DoS attack sends a flood of TCP/SYN packets. Each of these packets are like a connection request, causing the server to consume computing resources (e.g. memory, CPU) to reply and to continuously wait for the incoming packets. Without TCP SYN Dos Protection, the resources in the server will be easily consumed completely. This will then consequently result in the dysfunction of the server. ICMP Broadcasting Protection The ZyXEL VFG6005 Series VPN Firewall Gateway is able to detect TCP SYN DoS attacks and limits the resource consumption by lowering the incoming request rate by fast recycling the resource. Therefore, the ZyXEL VFG6005 Series VPN Firewall Gateway is still able to serve normal traffic while it is under such an attack. Check to enable ICMP Broadcasting Protection. Uncheck to disable ICMP Broadcasting Protection. ICMP broadcasting attack is a type of DoS attacks. A flood of ICMP broadcasting packets is generated and sent to a server (like the ZyXEL VFG6005 Series VPN 38