3 configuring firewall thresholds, Figure 96 firewall: threshold, Table 63 firewall: threshold – ZyXEL Communications P-660HW-D Series User Manual

P-660HW-D Series User’s Guide

173

Chapter 10 Firewall Configuration

10.10.3 Configuring Firewall Thresholds

The ZyXEL device also sends alerts whenever TCP Maximum Incomplete is exceeded. The
global values specified for the threshold and timeout apply to all TCP connections.

Click Firewall, and Threshold to bring up the next screen.

Figure 96 Firewall: Threshold

The following table describes the labels in this screen.

Table 63 Firewall: Threshold

LABEL

DESCRIPTION

DEFAULT VALUES

Denial of Service

Thresholds

One Minute Low

This is the rate of new half-open sessions that

causes the firewall to stop deleting half-open

sessions. The ZyXEL device continues to

delete half-open sessions as necessary, until

the rate of new connection attempts drops

below this number.

80 existing half-open sessions.

One Minute High

This is the rate of new half-open sessions that

causes the firewall to start deleting half-open

sessions. When the rate of new connection

attempts rises above this number, the ZyXEL

device deletes half-open sessions as required

to accommodate new connection attempts.

100 half-open sessions per minute.

The above numbers cause the

ZyXEL device to start deleting half-

open sessions when more than

100 session establishment

attempts have been detected in the

last minute, and to stop deleting

half-open sessions when fewer

than 80 session establishment

attempts have been detected in the

last minute.