
Table 44 firewall: threshold – ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 User Manual


P-660H/HW/W-T Series User’s Guide

Chapter 11 Firewall Configuration


Table 44 Firewall: Threshold

| LABEL | DESCRIPTION | DEFAULT VALUES |
| --- | --- | --- |
| Denial of Service Thresholds | | |
| One Minute Low | This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. | 80 existing half-open sessions. |
| One Minute High | This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts. | 100 half-open sessions per minute. The above numbers cause the Prestige to start deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 80 session establishment attempts have been detected in the last minute. |
| Maximum Incomplete Low | This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. | 80 existing half-open sessions. |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. | 100 existing half-open sessions. The above values cause the Prestige to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. | 30 existing half-open TCP sessions. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half open session when a new connection request comes. | |
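
The start/stop behaviour of the Maximum Incomplete High/Low pair and the per-destination TCP Maximum Incomplete limit can be traced with a small model. This is an added example, not ZyXEL firmware code: the class, its method names, the 192.0.2.x sample addresses and the policy of deleting one session per new request are assumptions made for illustration, and the One Minute rate thresholds are not modelled.

```python
from collections import deque


class HalfOpenTable:
    """Toy model of Maximum Incomplete High/Low and TCP Maximum Incomplete."""

    def __init__(self, max_high=100, max_low=80, tcp_max=30):
        if max_high < max_low:
            raise ValueError("Maximum Incomplete High is below Maximum Incomplete Low")
        self.max_high, self.max_low, self.tcp_max = max_high, max_low, tcp_max
        self.sessions = deque()  # (dst_ip, session_id), oldest first
        self.deleting = False    # True between crossing High and falling below Low
        self.deleted = []        # session ids removed by the firewall

    def _delete_oldest(self, dst=None):
        """Remove the oldest half-open session, optionally only for one destination."""
        for i, (d, sid) in enumerate(self.sessions):
            if dst is None or d == dst:
                del self.sessions[i]
                self.deleted.append(sid)
                break
        self._update_mode()

    def _update_mode(self):
        if len(self.sessions) > self.max_high:
            self.deleting = True
        elif len(self.sessions) < self.max_low:
            self.deleting = False

    def new_request(self, dst, sid):
        """A new connection attempt creates one more half-open session."""
        if sum(1 for d, _ in self.sessions if d == dst) >= self.tcp_max:
            self._delete_oldest(dst)      # per-destination limit reached
        elif self.deleting:
            self._delete_oldest()         # make room while above the low mark
        self.sessions.append((dst, sid))
        self._update_mode()

    def completed(self, sid):
        """Handshake finished (or timed out): the session is no longer half-open."""
        self.sessions = deque(s for s in self.sessions if s[1] != sid)
        self._update_mode()


def flood(table, count, hosts):
    """Constructed input: `count` requests spread round-robin over `hosts` destinations."""
    for sid in range(count):
        table.new_request(f"192.0.2.{sid % hosts + 1}", sid)
    return table
```

With the default values, deletion starts once the table holds more than 100 half-open sessions and continues on every new request until the count falls below 80; a single destination is capped at 30 regardless of the global state.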