ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

Page 180


ZyWALL 2 Series User’s Guide

11-24

Firewall Screens

Table 11-6 Attack Alert

LABEL: Maximum Incomplete High
DESCRIPTION: This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number.
DEFAULT VALUES: 100 existing half-open sessions. The above values cause the ZyWALL to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80.

LABEL: TCP Maximum Incomplete
DESCRIPTION: This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth.
DEFAULT VALUES: 30 existing half-open TCP sessions.

LABEL: Blocking Period
DESCRIPTION: When TCP Maximum Incomplete is reached, you can choose whether the next session should be allowed or blocked. If you check Blocking Period, any new sessions will be blocked for the length of time you specify in the next field (min), and all old incomplete sessions will be cleared during this period. If you want strong security, it is better to block the traffic for a short time, as it will give the server some time to digest the load.
DEFAULT VALUES: Select this check box to specify a number in the minutes (min) text box.

LABEL: (min)
DESCRIPTION: Enter the length of Blocking Period in minutes.
DEFAULT VALUES: 0

LABEL: Apply
DESCRIPTION: Click Apply to save your changes back to the ZyWALL.

LABEL: Reset
DESCRIPTION: Click Reset to begin configuring this screen afresh.
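The threshold behaviour in Table 11-6, written out as a small Python model. This is an added example, not ZyXEL code: the class and method names are hypothetical, and it assumes that the oldest half-open session is the one deleted, that one session is deleted per new request while deletion is active, and that a Blocking Period of 0 minutes means the check box is cleared.

```python
from collections import deque

class HalfOpenTracker:
    """Toy model of the Table 11-6 thresholds; not ZyWALL firmware."""

    def __init__(self, high=100, low=80, tcp_max=30, block_min=0):
        if high < low:
            raise ValueError("Maximum Incomplete High is lower than Low")
        self.high, self.low, self.tcp_max = high, low, tcp_max
        self.block_s = block_min * 60   # 0 models Blocking Period unchecked (assumption)
        self.half_open = deque()        # (dst, session_id), oldest first
        self.deleting = False           # True from the High crossing until below Low
        self.blocked_until = {}         # dst -> time (seconds) when blocking ends

    def _to(self, dst):
        return [s for s in self.half_open if s[0] == dst]

    def _hysteresis(self):
        n = len(self.half_open)
        if n > self.high:
            self.deleting = True        # rose above Maximum Incomplete High
        elif n < self.low:
            self.deleting = False       # dropped below Maximum Incomplete Low

    def syn(self, now, dst, sid):
        """Handle a new connection request; return 'accept' or 'block'."""
        if now < self.blocked_until.get(dst, 0):
            return "block"
        pending = self._to(dst)
        if len(pending) >= self.tcp_max:            # TCP Maximum Incomplete reached
            if self.block_s:
                # Blocking Period: refuse new sessions, clear old incomplete ones.
                self.blocked_until[dst] = now + self.block_s
                for s in pending:
                    self.half_open.remove(s)
                return "block"
            self.half_open.remove(pending[0])       # drop the oldest to this host
        self.half_open.append((dst, sid))
        self._hysteresis()
        if self.deleting:
            self.half_open.popleft()                # make room for the new request
        return "accept"

    def established(self, dst, sid):
        """Handshake completed: the session is no longer half-open."""
        if (dst, sid) in self.half_open:
            self.half_open.remove((dst, sid))
        self._hysteresis()
```

With the defaults, a burst of requests to many hosts holds the table at 100 half-open sessions, and deletion only stops once completed handshakes bring the count below 80.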
