Home » ZyXEL Manuals » Networking » ZyXEL Vantage CNM » Manual Viewer

ZyXEL Vantage CNM User Guide - Page 134

Device Operation > Device Configuration > Security > Firewall > Threshold, continued

Get ZyXEL Vantage CNM PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 134 highlights

Chapter 6 Device Security Settings Table 46 Device Operation > Device Configuration > Security > Firewall > Threshold (continued) LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions per minute that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the device deletes halfopen sessions as required to accommodate new connection attempts. Maximum Incomplete Low Maximum Incomplete High For example, if you set the one minute high to 100, the device starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute. It stops deleting halfopen sessions when the number of session establishment attempts detected in a minute goes below the number set as the one minute low. This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the device deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. TCP Maximum Incomplete For example, if you set the maximum incomplete high to 100, the device starts deleting half-open sessions when the number of existing half-open sessions rises above 100. It stops deleting half-open sessions when the number of existing half-open sessions drops below the number set as the maximum incomplete low. An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Blocking Time Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. The device sends alerts whenever the TCP Maximum Incomplete is exceeded. Select the action that the device takes when the TCP maximum incomplete threshold is reached. Select the check box if you want the device to deny new connection requests for the number of minutes that you specify (between 1 and 255). Apply Reset Clear the check box if you want the device to delete the oldest half open session when a new connection request comes. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. 134 Vantage CNM User's Guide

Section	Page
Vantage CNM	1
About This User's Guide	3
Document Conventions	5
Contents Overview	7
Introducing Vantage CNM	21
1.1 Overview	21
1.2 Ways to Manage Vantage CNM	22
1.3 Suggestions for Using Vantage CNM	22
Introduction	23
GUI Introduction	25
2.1 Menu Bar	26
2.2 Title Bar	27
2.3 Device Window	27
2.3.1 Topology	27
2.3.2 Device Search	36
2.4 Navigation Panel and Configuration Window	37
2.5 Security Risk Pop-up Messages in Internet Explorer 7.0	41
Device Configuration (ZyNOS and Prestige)	45
Load or Save Building Blocks (BB)	47
3.1 Load or Save BB	47
Device General Settings	51
4.1 System	51
4.2 Time Setting	52
Device Network Settings	55
5.1 LAN (ZyNOS ZyWALL)	55
5.2 LAN (Prestige)	59
5.2.1 Static DHCP	62
5.2.2 IP Alias	63
5.3 WAN General (ZyNOS ZyWALL)	65
5.3.1 WAN1 (ZyNOS ZyWALL with one WAN port)	69
5.3.2 WAN1 and WAN2 (ZyNOS ZyWALL with two WAN ports)	78
5.3.3 WAN2 (ZyNOS ZyWALL with 3G WAN)	87
5.3.4 Dial Backup (ZyNOS ZyWALL)	96
5.3.5 Advanced Modem Setup (ZyNOS ZyWALL)	98
5.3.6 Edit Dial Backup (ZyNOS ZyWALL)	100
5.3.7 WAN Setup (Prestige)	102
5.3.8 WAN Backup (Prestige)	106
5.3.9 Advanced WAN Backup (Prestige)	109
5.3.10 Advanced Modem Setup (Prestige)	111
5.4 Wireless Card	112
5.4.1 Wireless and Wireless Security Settings	112
5.4.2 Advanced Wireless Security Settings	115
5.4.3 MAC Filter	121
Device Security Settings	123
6.1 Firewall	123
6.1.1 Default Rule	123
6.1.2 Rule Summary	126
6.1.3 Add/Edit a Rule	128
6.1.4 Anti-Probing	131
6.1.5 Threshold	132
6.1.6 Service	135
6.1.7 Add/Edit Service	135
6.2 VPN	137
6.3 IPSec High Availability	137
6.3.1 VPN Rules (IKE)	138
6.3.2 Add/Edit an IKE Gateway Policy	139
6.3.3 Add/Edit an IKE Network Policy	148
6.3.4 Move an IKE Network Policy	154
6.3.5 VPN Rules (Manual)	154
6.3.6 Add/Edit an Manual VPN Rule	157
6.3.7 VPN Global Setting	160
6.4 Anti-Virus	162
6.4.1 General Anti-Virus Setup	162
6.5 Anti-Spam	164
6.5.1 Anti-Spam General Screen	164
6.5.2 Anti-Spam External DB Screen	167
6.6 Anti-Spam Lists Screen	170
6.6.1 Anti-Spam Lists Edit Screen	171
6.7 IDP	174
6.8 General Setup	174
6.9 IDP Signatures	176
6.9.1 Attack Types	176
6.9.2 Intrusion Severity	178
6.9.3 Signature Actions	178
6.9.4 Configuring IDP Signatures	179
6.9.5 Query View	181
6.9.6 Protocol Anomaly	184
6.10 Signature Update	186
6.11 Content Filter	189
6.12 Content Filter General Screen	189
6.13 Content Filter Policy	193
6.13.1 Content Filter Policy: General	194
6.13.2 Content Filter Policy: External Database	197
6.13.3 Content Filter Policy: Customization	204
6.13.4 Content Filter Policy: Schedule	207
6.14 Content Filter Objects	208
6.15 Content Filtering Cache	210
6.16 X Auth	211
6.16.1 Local User Database	211
6.16.2 RADIUS	212
Device Advanced Settings	215
7.0.1 NAT	215
7.1 NAT	215
7.2 Port Forwarding	218
7.3 Address Mapping	219
7.3.1 Edit an Address Mapping Rule	221
7.4 Trigger Port	222
7.4.1 Edit a Trigger Port Rule	223
7.5 Static Route	224
7.6 Static Route	224
7.6.1 Edit a Static Route	226
7.7 DNS	227
7.8 Address Record	227
7.8.1 Add/Edit an Address Record	228
7.9 Name Server Record	229
7.9.1 Add/Edit a Name Server Record	230
7.10 Cache	232
7.11 DDNS	233
7.12 DHCP	235
7.13 Remote MGMT	236
7.14 Remote MGMT	236
Device Log	241
8.1 Device Log	241
Device Configuration (ZLD)	245
Device Network Settings	247
9.1 Ethernet (ZLD ZyWALL)	247
9.1.1 Ethernet Edit	248
9.1.2 Adding Virtual Interfaces	255
9.2 WLAN General	256
9.2.1 WLAN Add/Edit Screen	259
9.2.2 WLAN Add/Edit: WEP Security	265
9.2.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	266
9.2.4 WLAN Add/Edit: WPA/WPA2 Security	267
9.2.5 WLAN Interface MAC Filter	269
9.2.6 MAC Filter Add/Edit Screen	271
9.3 VLAN Summary Screen	272
9.3.1 VLAN Add/Edit	272
9.4 Bridge Summary	277
9.4.1 Bridge Add/Edit	278
9.5 PPPoE/PPTP Interface Summary	283
9.5.1 PPPoE/PPTP Interface Edit	284
9.6 Auxiliary Interface	290
9.7 The Trunk Summary Screen	292
9.8 Configuring a Trunk	294
9.8.1 The Trunk Member List Screen	297
9.9 Interface Summary Screen	298
9.10 Policy Route Screen	300
9.10.1 Policy Route Edit Screen	303
9.11 IP Static Route Screen	306
9.11.1 Static Route Add/Edit Screen	307
9.12 The RIP Screen	308
9.13 The OSPF Screen	310
9.13.1 The OSPF Area Add/Edit Screen	312
Firewall	315
10.1 The Firewall Screen	315
10.1.1 The Firewall Edit Screen	318
10.2 The Session Limit Screen	319
10.2.1 The Session Limit Add/Edit Screen	321
IPSec VPN	323
11.1 The IPSec VPN Connection Screen	323
11.1.1 The IPSec VPN Connection Add/Edit Screen	325
11.1.2 IPSec VPN Connection Add/Edit (Manual Key)	331
11.2 The VPN Gateway Screen	335
11.2.1 The VPN Gateway Add/Edit Screen	336
11.3 The VPN Concentrator Screen	343
11.3.1 The VPN Concentrator Add/Edit Screen	345
SSL VPN	347
12.1 Overview	347
12.2 The SSL Access Privilege Screen	347
12.2.1 The SSL Access Policy Add/Edit Screen	349
12.3 The SSL Global Setting Screen	351
L2TP VPN	353
13.1 Overview	353
13.2 L2TP VPN Screen	353
Object	357
14.1 User Summary Screen	357
14.1.1 User Add/Edit Screen	358
14.2 User Group Summary Screen	360
14.2.1 Group Add/Edit Screen	361
14.3 Setting Screen	362
14.3.1 Default User Authentication Timeout Settings Edit Screens	366
14.3.2 Force User Authentication Policy Add/Edit Screen	368
14.4 Address Summary Screen	369
14.4.1 Address Add/Edit Screen	370
14.4.2 Address Group Summary Screen	371
14.4.3 Address Group Add/Edit Screen	373
14.5 The Service Summary Screen	374
14.5.1 The Service Add/Edit Screen	375
14.6 The Service Group Summary Screen	376
14.6.1 The Service Group Add/Edit Screen	378
14.7 The Schedule Summary Screen	379
14.7.1 The One-Time Schedule Add/Edit Screen	380
14.7.2 The Recurring Schedule Add/Edit Screen	381
AAA	385
15.1 Configuring Active Directory or LDAP Default Server Settings	385
15.2 Active Directory or LDAP Group Summary Screen	386
15.2.1 Creating an Active Directory or LDAP Group	388
15.3 Configuring a Default RADIUS Server	390
15.3.1 Configuring a Group of RADIUS Servers	391
15.3.2 Adding a RADIUS Server Member	392
15.4 Viewing Authentication Method Objects	393
15.5 Creating an Authentication Method Object	394
15.6 The My Certificates Screen	396
15.7 ISP Account Summary	397
15.7.1 ISP Account Edit	398
15.8 The SSL Application Screen	400
15.8.1 Creating/Editing a Web-based SSL Application Object	401
15.8.2 Creating/Editing a File Sharing SSL Application Object	403
Maintenance	405
16.1 Edit Remote Server Log Settings	405
Configuration, Firmware and Licence Management	407
Configuration Management	409
17.1 Synchronization (Device)	409
17.2 Synchronization (Folder)	411
17.3 Configuration File Management	412
17.3.1 Backup & Restore (Device)	413
17.3.2 Backup a Device	414
17.3.3 Backup & Restore (Folder)	415
17.3.4 Group Backup (Folder)	416
17.3.5 Group Restore (Folder)	418
17.4 Schedule List (Device)	419
17.5 Schedule List (Folder)	420
17.5.1 Add/Edit Schedule List (Folder)	421
17.6 Signature Profile Management	423
17.6.1 Signature Profile Backup & Restore (Device)	423
17.6.2 Signature Profile Backup & Restore (Folder)	425
17.6.3 Signature Profile Restore (Folder)	427
17.6.4 Restore to Device	429
17.6.5 Signature Profile Backup (Device)	430
17.6.6 Reset to Factory	431
17.7 Configuration Building Block	431
17.8 Add/Edit a Configuration BB	433
17.8.1 Create a Schedule Configuration BB (ZLD)	436
17.8.2 Create a User Configuration BB (ZLD)	437
17.8.3 Create an Address Configuration BB (ZLD)	439
17.8.4 Create a Service Configuration BB (ZLD)	440
17.9 Component BB	441
17.10 Add/Edit/Save as a Component BB	443
17.11 ZLD Firewall Rule Group Configuration	443
17.12 Add/Edit a Firewall Rule Group	444
Firmware Management	449
18.1 Firmware List	449
18.1.1 Add Firmware	450
18.2 Scheduler List	451
18.3 Firmware Upgrade	451
18.3.1 Firmware Upgrade (Folder)	452
18.3.2 Firmware Upgrade (Device)	453
18.3.3 Firmware Upgrade (Device) > Upgrade	453
License Management	457
19.1 Service Activation	457
19.1.1 Registration	457
19.1.2 Service	460
19.2 License Status	462
19.2.1 Activate/Upgrade License	465
19.3 License Status (Folder)	466
19.4 Signature Status (Device)	469
19.5 Signature Status (Folder)	471
VPN Management	473
VPN Community	475
20.1 VPN Community	475
20.1.1 Add/Edit a VPN Community	476
Installation Report	483
21.1 Installation Report	483
21.1.1 Show Detailed Installation Reportl	484
VPN Monitor	485
22.1 Monitor VPN by Community	485
22.1.1 Show Detailed VPN Community	486
22.1.2 VPN Tunnel Diagnostics	487
22.2 Monitor VPN by Device	489
22.2.1 VPN Tunnel Status	489
22.2.2 Search VPN Tunnels	490
22.2.3 SA Monitor	491
Monitor	493
Device Status Monitor	495
23.1 Device Status	495
3G Monitor	497
24.1 Summary	498
24.1.1 Show Detail	500
24.2 Availability Report	509
24.3 Radio Report	513
24.4 Traffic Report	518
24.5 Alert Report	519
24.6 Monitor Setting	523
24.6.1 Notification Setting	523
24.6.2 Notification	524
24.6.3 Monitor Interval	526
Device HA Status Monitor	527
25.1 Device HA Status	527
Device Alarm	529
26.1 Device Alarm Introduction	529
26.1.1 Alarm Severity	529
26.1.2 Unresolved Alarms	529
26.1.3 Responded Alarm	532
Log & Report	535
Device Operation Report	537
27.1 Firmware Upgrade Report	537
27.1.1 Firmware Report Details	538
27.2 Configuration Report	540
27.2.1 Configuration Report Details	542
27.3 Configuration File Backup Report	543
27.3.1 Configuration File Backup Report Details	545
27.4 Configuration File Restore Report	546
27.5 Signature Profile Backup Report	548
27.6 Signature Profile Restore Report	549
CNM Logs	553
28.1 Vantage CNM Logs	553
28.1.1 CNM Logs	553
VRPT	555
29.1 Vantage Report Overview	555
29.2 Vantage Report in Vantage CNM	556
29.3 Setting Up Vantage Report in Vantage CNM	556
29.4 Opening Vantage Report in Vantage CNM	557
CNM System Setting	559
CNM System Setting	561
30.1 Servers Configuration	561
30.1.1 Vantage CNM Server Public IP Address	563
30.2 Servers Status	564
30.3 User Access	565
30.4 Notifications	566
30.4.1 Notifications Settings	567
30.5 Log Setting	569
30.6 VRPT Management	571
30.6.1 Add/Edit VRPT Management	573
30.7 Certificate Management Overview	574
30.7.1 Advantages of Certificates	575
30.7.2 Current Certificate Information	576
30.7.3 Create CSR	577
30.7.4 Import Certificate	578
Maintenance	581
31.1 System Maintenance	581
31.1.1 Backup	582
31.2 Device Maintenance	583
Device Owner	585
32.1 Device Owner	585
32.1.1 Add/Edit a Device Owner	586
Vantage CNM Software Upgrade	587
33.1 CNM Software Upgrade	587
License	589
34.1 CNM Licence	589
34.1.1 License Upgrade	590
About CNM	591
35.1 About CNM	591
Account Management	593
User Group	595
36.1 Group	595
36.1.1 Add User Group	596
Account	599
37.1 “Root” Administrator	599
37.2 “Super” Administrators	599
37.3 Account	600
37.3.1 Add/Edit an Administrator Account	601
Troubleshooting	603
Troubleshooting	605
38.1 Vantage CNM Access and Login	605
38.2 Device Management	606
38.3 Device Firmware Management	606
38.4 Vantage Report	607
Appendices and Index	609
Product Specifications	611
Setting up Your Computer’s IP Address	617
Pop-up Windows, Java Scripts and Java Permissions	635
IP Addresses and Subnetting	643
IP Address Assignment Conflicts	653
Common Services	657
Importing Certificates	661
Open Software Announcements	667
Legal Information	695

Match case Limit results 1 per page

Chapter 6 Device Security Settings

Vantage CNM User’s Guide

134

One Minute High

This is the rate of new half-open sessions per minute that causes the

firewall to start deleting half-open sessions. When the rate of new

connection attempts rises above this number, the device deletes half-

open sessions as required to accommodate new connection attempts.

For example, if you set the one minute high to 100, the device starts

deleting half-open sessions when more than 100 session establishment

attempts have been detected in the last minute. It stops deleting half-

open sessions when the number of session establishment attempts

detected in a minute goes below the number set as the one minute

low.

Maximum

Incomplete Low

This is the number of existing half-open sessions that causes the

firewall to stop deleting half-open sessions. The device continues to

delete half-open requests as necessary, until the number of existing

half-open sessions drops below this number.

Maximum

Incomplete High

This is the number of existing half-open sessions that causes the

firewall to start deleting half-open sessions. When the number of

existing half-open sessions rises above this number, the device deletes

half-open sessions as required to accommodate new connection

requests. Do not set

Maximum Incomplete High

to lower than the

current

Maximum Incomplete

Low

number.

For example, if you set the maximum incomplete high to 100, the

device starts deleting half-open sessions when the number of existing

half-open sessions rises above 100. It stops deleting half-open

sessions when the number of existing half-open sessions drops below

the number set as the maximum incomplete low.

TCP Maximum

Incomplete

An unusually high number of half-open sessions with the same

destination host address could indicate that a DoS attack is being

launched against the host.

Specify the number of existing half-open TCP sessions with the same

destination host IP address that causes the firewall to start dropping

half-open sessions to that same destination host IP address. Enter a

number between 1 and 256. As a general rule, you should choose a

smaller number for a smaller network, a slower system or limited

bandwidth. The device sends alerts whenever the

TCP Maximum

Incomplete

is exceeded.

Blocking Time

Select the action that the device takes when the TCP maximum

incomplete threshold is reached.

Select the check box if you want the device to deny new connection

requests for the number of minutes that you specify (between 1 and

255).

Clear the check box if you want the device to delete the oldest half

open session when a new connection request comes.

Apply

Click this to save your changes back to the device.

Reset

Click this to begin configuring this screen afresh.

Table 46

Device Operation > Device Configuration > Security > Firewall > Threshold

(continued)

LABEL

DESCRIPTION