ZyXEL Communications ZyXEL ZyWALL 5 User Manual

ZyWALL 5 User’s Guide

Chapter 10 Firewall Screens

One Minute High

This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection attempts.

For example, 80 in the One Minute Low field and 100 in this field cause the ZyWALL to start deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute, and to stop deleting half-open sessions when fewer than 80 session establishment attempts have been detected in the last minute.

Maximum Incomplete Low

This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyWALL continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number.

Maximum Incomplete High

This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High lower than the current Maximum Incomplete Low number.

For example, 80 in the Maximum Incomplete Low field and 100 in this field cause the ZyWALL to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80.

TCP Maximum Incomplete

This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth.

Action taken when the TCP Maximum Incomplete threshold is reached.

Delete the oldest half open session when new connection request comes

Select this radio button to clear the oldest half open session when a new connection request comes.

Deny new connection request for

Select this radio button and specify for how long the ZyWALL should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).

Apply

Click Apply to save your changes back to the ZyWALL.

Reset

Click Reset to begin configuring this screen afresh.

Table 55 Firewall Threshold (continued)

LABEL

DESCRIPTION
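
The Python sketch below is an added example, not ZyXEL firmware code and not part of the original manual. It models how Maximum Incomplete Low/High and TCP Maximum Incomplete (with its two actions) interact. Assumptions: the class and method names are hypothetical, global deletion removes the oldest sessions first, and a request that finds the per-destination count at the limit triggers the selected action.

```python
from collections import deque

class HalfOpenTable:
    """Toy model of the Table 55 thresholds; not ZyXEL firmware code."""

    def __init__(self, low=80, high=100, tcp_max=10, deny_minutes=None):
        if high < low:
            raise ValueError("Maximum Incomplete High is lower than Low")
        if not 1 <= tcp_max <= 256:
            raise ValueError("TCP Maximum Incomplete must be 1 to 256")
        if deny_minutes is not None and not 1 <= deny_minutes <= 256:
            raise ValueError("blocking time must be 1 to 256 minutes")
        self.low, self.high, self.tcp_max = low, high, tcp_max
        self.deny_minutes = deny_minutes  # None selects "delete the oldest"
        self.sessions = deque()           # (arrival_seconds, dst), oldest first
        self.deleting = False             # hysteresis state
        self.blocked_until = {}           # dst -> end of deny period (seconds)

    def count(self, dst):
        """Number of half-open sessions to one destination host."""
        return sum(1 for _, d in self.sessions if d == dst)

    def new_request(self, now, dst):
        """Record a half-open session at time `now`; return the action taken."""
        if now < self.blocked_until.get(dst, 0):
            return "denied"
        action = "accepted"
        if self.count(dst) >= self.tcp_max:
            if self.deny_minutes is not None:
                self.blocked_until[dst] = now + self.deny_minutes * 60
                return "denied"
            # Clear the oldest half-open session to this destination.
            self.sessions.remove(next(s for s in self.sessions if s[1] == dst))
            action = "accepted, oldest deleted"
        self.sessions.append((now, dst))
        # Start deleting above High; keep going until the count is below Low.
        if len(self.sessions) > self.high:
            self.deleting = True
        while self.deleting and self.sessions:
            self.sessions.popleft()       # assumption: oldest first
            self.deleting = len(self.sessions) >= self.low
        return action
```

With the manual's sample values (Low 80, High 100), the 101st half-open session pushes the table over High and the model trims it to 79 entries, which shows how wide a gap between the two fields translates into a burst of dropped handshakes.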