ZyXEL Communications 660HW Series User Manual

Prestige 660H/HW Series User’s Guide

165

Chapter 13 Firewall Configuration

One Minute High

This is the rate of new half-open sessions that

causes the firewall to start deleting half-open

sessions. When the rate of new connection

attempts rises above this number, the

Prestige deletes half-open sessions as

required to accommodate new connection

attempts.

100 half-open sessions per minute.

The above numbers cause the

Prestige to start deleting half-open

sessions when more than 100

session establishment attempts

have been detected in the last

minute, and to stop deleting half-

open sessions when fewer than 80

session establishment attempts

have been detected in the last

minute.

Maximum

Incomplete Low

This is the number of existing half-open

sessions that causes the firewall to stop

deleting half-open sessions. The Prestige

continues to delete half-open requests as

necessary, until the number of existing half-

open sessions drops below this number.

80 existing half-open sessions.

Maximum

Incomplete High

This is the number of existing half-open

sessions that causes the firewall to start

deleting half-open sessions. When the

number of existing half-open sessions rises

above this number, the Prestige deletes half-

open sessions as required to accommodate

new connection requests. Do not set

Maximum Incomplete High to lower than the

current Maximum Incomplete Low number.

100 existing half-open sessions.

The above values causes the

Prestige to start deleting half-open

sessions when the number of

existing half-open sessions rises

above 100, and to stop deleting

half-open sessions with the

number of existing half-open

sessions drops below 80.

TCP Maximum

Incomplete

This is the number of existing half-open TCP

sessions with the same destination host IP

address that causes the firewall to start

dropping half-open sessions to that same

destination host IP address. Enter a number

between 1 and 256. As a general rule, you

should choose a smaller number for a smaller

network, a slower system or limited

bandwidth.

30 existing half-open TCP

sessions.

Action taken when the TCP Maximum Incomplete threshold is reached.

Delete the oldest

half open session

when new

connection

request comes

Select this radio button to clear the oldest half

open session when a new connection request

comes.

Deny new

connection

request for

Select this radio button and specify for how

long the Prestige should block new

connection requests when TCP Maximum

Incomplete is reached.
Enter the length of blocking time in minutes

(between 1 and 256).

Back

Click Back to return to the previous screen.

Apply

Click Apply to save your changes back to the Prestige.

Cancel

Click Cancel to begin configuring this screen afresh.

Table 47 Firewall: Threshold (continued)

LABEL

DESCRIPTION

DEFAULT VALUES