ZyXEL Vantage CNM User Guide - Page 134
Device Operation > Device Configuration > Security > Firewall > Threshold, continued
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 134 highlights
Chapter 6 Device Security Settings Table 46 Device Operation > Device Configuration > Security > Firewall > Threshold (continued) LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions per minute that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the device deletes halfopen sessions as required to accommodate new connection attempts. Maximum Incomplete Low Maximum Incomplete High For example, if you set the one minute high to 100, the device starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute. It stops deleting halfopen sessions when the number of session establishment attempts detected in a minute goes below the number set as the one minute low. This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the device deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. TCP Maximum Incomplete For example, if you set the maximum incomplete high to 100, the device starts deleting half-open sessions when the number of existing half-open sessions rises above 100. It stops deleting half-open sessions when the number of existing half-open sessions drops below the number set as the maximum incomplete low. An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Blocking Time Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. The device sends alerts whenever the TCP Maximum Incomplete is exceeded. Select the action that the device takes when the TCP maximum incomplete threshold is reached. Select the check box if you want the device to deny new connection requests for the number of minutes that you specify (between 1 and 255). Apply Reset Clear the check box if you want the device to delete the oldest half open session when a new connection request comes. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. 134 Vantage CNM User's Guide