3 configuring firewall thresholds, Figure 67 firewall > threshold, Table 44 firewall > threshold – ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H User Manual

P-793H User’s Guide

Chapter 9 Firewall Configuration

149

9.10.3 Configuring Firewall Thresholds

The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The
global values specified for the threshold and timeout apply to all TCP connections.

Click Firewall, and Threshold to bring up the next screen.

Figure 67 Firewall > Threshold

The following table describes the labels in this screen.

Table 44 Firewall > Threshold

LABEL

DESCRIPTION

Denial of Service

Thresholds

One Minute Low

Type the rate of new half-open sessions that causes the firewall to stop deleting

half-open sessions. The ZyXEL Device continues to delete half-open sessions

as necessary, until the rate of new connection attempts drops below this

number. See One Minute High for an example.

One Minute High

Type the rate of new half-open sessions that causes the firewall to start deleting

half-open sessions. When the rate of new connection attempts rises above this

number, the ZyXEL Device deletes half-open sessions as required to

accommodate new connection attempts.
For example, if One Minute Low is 80 and One Minute High is 100, the ZyXEL

Device starts deleting half-open sessions when more than 100 session

establishment attempts have been detected in the last minute and stops deleting

half-open sessions when fewer than 80 session establishment attempts have

been detected in the last minute.

Maximum

Incomplete Low

Type the number of existing half-open sessions that causes the firewall to stop

deleting half-open sessions. The ZyXEL Device continues to delete half-open

requests as necessary, until the number of existing half-open sessions drops

below this number. See Maximum Incomplete High for an example.