ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

Firewall Screens

11-23

Table 11-6 Attack Alert

LABEL DESCRIPTION

DEFAULT

VALUES

Generate alert when
attack detected

A detected attack automatically generates a
log entry. Check this box to generate an alert
(as well as a log) whenever an attack is
detected. See the chapter on logs for more
information on logs and alerts.

Denial of Service Thresholds

One Minute Low This is the rate of new half-open sessions that

causes the firewall to stop deleting half-open
sessions. The ZyWALL continues to delete
half-open sessions as necessary, until the
rate of new connection attempts drops below
this number.

80 existing half-open sessions.

One Minute High This is the rate of new half-open sessions that

causes the firewall to start deleting half-open
sessions. When the rate of new connection
attempts rises above this number, the
ZyWALL deletes half-open sessions as
required to accommodate new connection
attempts.

100 half-open sessions per

minute. The above numbers

cause the ZyWALL to start

deleting half-open sessions when

more than 100 session

establishment attempts have

been detected in the last minute,

and to stop deleting half-open

sessions when fewer than 80

session establishment attempts

have been detected in the last

minute.

Maximum Incomplete

Low

This is the number of existing half-open
sessions that causes the firewall to stop
deleting half-open sessions. The ZyWALL
continues to delete half-open requests as
necessary, until the number of existing half-
open sessions drops below this number.

80 existing half-open sessions.