ZyXEL Communications P-660HW-D Series User Manual

Page 283

Advertising
background image

P-660HW-D Series User’s Guide

Appendix G Firewall Commands

282

config edit firewall attack
minute-high <0-255>

This command sets the threshold rate of new

half-open sessions per minute where the

ZyXEL device starts deleting old half-opened

sessions until it gets them down to the minute-

low threshold.

config edit firewall attack
minute-low <0-255>

This command sets the threshold of half-open

sessions where the ZyXEL device stops

deleting half-opened sessions.

config edit firewall attack
max-incomplete-high <0-255>

This command sets the threshold of half-open

sessions where the ZyXEL device starts

deleting old half-opened sessions until it gets

them down to the max incomplete low.

config edit firewall attack
max-incomplete-low <0-255>

This command sets the threshold where the

ZyXEL device stops deleting half-opened

sessions.

config edit firewall attack
tcp-max-incomplete <0-255>

This command sets the threshold of half-open

TCP sessions with the same destination

where the ZyXEL device starts dropping half-

open sessions to that destination.

Sets

config edit firewall set <set
#> name <desired name>

This command sets a name to identify a

specified set.

Config edit firewall set <set
#> default-permit <forward |
block>

This command sets whether a packet is

dropped or allowed through, when it does not

meet a rule within the set.

Config edit firewall set <set
#> icmp-timeout <seconds>

This command sets the time period to allow an

ICMP session to wait for the ICMP response.

Config edit firewall set <set
#> udp-idle-timeout <seconds>

This command sets how long a UDP

connection is allowed to remain inactive

before the ZyXEL device considers the

connection closed.

Config edit firewall set <set
#> connection-timeout
<seconds>

This command sets how long ZyXEL device

waits for a TCP session to be established

before dropping the session.

Config edit firewall set <set
#> fin-wait-timeout <seconds>

This command sets how long the ZyXEL

device leaves a TCP session open after the

firewall detects a FIN-exchange (indicating the

end of the TCP session).

Table 116 Firewall Commands (continued)

FUNCTION

COMMAND

DESCRIPTION

Advertising
Popular Brands
Popular manuals