ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H User Manual

P-793H User’s Guide

150

Chapter 9 Firewall Configuration

Maximum

Incomplete High

Type the number of existing half-open sessions that causes the firewall to start

deleting half-open sessions. When the number of existing half-open sessions

rises above this number, the ZyXEL Device deletes half-open sessions as

required to accommodate new connection requests. Do not set Maximum

Incomplete High to lower than the current Maximum Incomplete Low number.
For example, if Maximum Incomplete Low is 80 and Maximum Incomplete

High is 100, the ZyXEL Device starts deleting half-open sessions when the

number of existing half-open sessions rises above 100 and stops deleting half-

open sessions with the number of existing half-open sessions drops below 80.

TCP Maximum

Incomplete

Type the number of existing half-open TCP sessions with the same destination

host IP address that causes the firewall to start dropping half-open sessions to

that same destination host IP address. Enter a number between 1 and 256. As a

general rule, you should choose a smaller number for a smaller network, a

slower system or limited bandwidth.

Action taken when

TCP Maximum

Incomplete reached

threshold

Delete the Oldest

Half Open Session

when New

Connection Request

Comes.

Select this to clear the oldest half-open session when a new connection request

comes.

Deny New

Connection Request

for

Select this, and specify for how long the ZyXEL Device should block new

connection requests when TCP Maximum Incomplete is reached. Enter the

length of blocking time in minutes (between 1 and 256).

Apply

Click Apply to save your changes back to the ZyXEL Device.

Cancel

Click Cancel to begin configuring this screen afresh.

Table 44 Firewall > Threshold (continued)

LABEL

DESCRIPTION