9 firewall commands, Table 97 sys firewall commands – ZyXEL Communications P-2602HWLNI User Manual

Page 262

Chapter 15 Firewall Configuration

P-2602HWLNI User’s Guide

15.9 Firewall Commands

The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. Each of these commands must be preceded by sys firewall when you use them. For example, type sys firewall active yes to turn on the firewall.

Table 96 Firewall: Threshold (continued)

| LABEL | DESCRIPTION | DEFAULT VALUES |
| --- | --- | --- |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyXEL Device deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. | 100 existing half-open sessions. The above values cause the ZyXEL Device to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. | 30 existing half-open TCP sessions. |
| Action taken when the TCP Maximum Incomplete reached threshold | | |
| Delete the Oldest Half Open Session when New Connection Request Comes. | Select this radio button to clear the oldest half-open session when a new connection request comes. | |
| Deny New Connection Request for | Select this radio button and specify for how long the ZyXEL Device should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). | |
| Apply | Click Apply to save your changes back to the ZyXEL Device. | |
| Cancel | Click Cancel to begin configuring this screen afresh. | |
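The threshold behaviour described in Table 96, modelled as an added example (this is not ZyXEL firmware code): the High/Low pair acts as a hysteresis band on the whole half-open table, and TCP Maximum Incomplete is a per-destination limit with the two selectable actions. The class and method names are hypothetical and the exact moment at which the device deletes sessions is an assumption; the values 100, 80 and 30 are the defaults from the table.

```python
from collections import deque

class HalfOpenTable:
    """Model of the Threshold settings; deletion timing is an assumption."""

    def __init__(self, high=100, low=80, tcp_max=30, deny_minutes=None):
        if high < low:
            raise ValueError("Maximum Incomplete High is lower than Low")
        self.high, self.low, self.tcp_max = high, low, tcp_max
        self.deny_minutes = deny_minutes   # None selects "delete the oldest"
        self.sessions = deque()            # (dst, minute opened), oldest first
        self.blocked_until = {}            # dst -> minute the deny period ends
        self.deleted = 0                   # half-open sessions the firewall removed

    def _pop_oldest(self, dst=None):
        for s in self.sessions:
            if dst is None or s[0] == dst:
                self.sessions.remove(s)    # first match is the oldest
                return True
        return False

    def complete(self, dst):
        """Handshake finished, so one session to dst stops being half-open."""
        return self._pop_oldest(dst)

    def syn(self, dst, now):
        """New connection request at minute `now`; returns True if admitted."""
        if now < self.blocked_until.get(dst, 0):
            return False                   # still inside the deny period
        if sum(d == dst for d, _ in self.sessions) >= self.tcp_max:
            if self.deny_minutes is not None:
                self.blocked_until[dst] = now + self.deny_minutes
                return False
            self.deleted += self._pop_oldest(dst)
        self.sessions.append((dst, now))
        if len(self.sessions) > self.high:         # rose above High
            while len(self.sessions) >= self.low:  # delete until below Low
                self.deleted += self._pop_oldest()
        return True

if __name__ == "__main__":
    # Constructed traffic: 101 requests to 101 different hosts (documentation range).
    t = HalfOpenTable()
    for i in range(101):
        t.syn(f"192.0.2.{i}", now=0)
    print(len(t.sessions), t.deleted)
```

With the deny action selected, requests to other destination hosts are still admitted while one destination is blocked, which is the practical difference between the two radio buttons.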

Table 97 Sys Firewall Commands

| COMMAND | | DESCRIPTION |
| --- | --- | --- |
| acl | disp | Displays ACLs or a specific ACL set # and rule #. |
| active | | Activates or deactivates the firewall. Enables/disables the firewall. |
| cnt | | |