ZyXEL Communications P-660HN-F1 User Manual

Chapter 9 Firewalls
9.5  Firewall Technical Reference
This section provides some technical background information about the topics covered in this 
chapter.
9.5.1  Firewall Rules Overview
Your customized rules take precedence and override the ZyXEL Device’s default settings. The 
ZyXEL Device checks the source IP address, destination IP address and IP protocol type of 
network traffic against the firewall rules (in the order you list them). When the traffic matches 
a rule, the ZyXEL Device takes the action specified in the rule. 
Firewall rules are grouped based on the direction of travel of packets to which they apply: 
• LAN to LAN/ Router
• WAN to LAN
• LAN to WAN
• WAN to WAN/ Router
Note: The LAN includes both the LAN port and the WLAN.
By default, the ZyXEL Device’s stateful packet inspection allows packets traveling in the following directions:
• LAN to LAN/ Router 
These rules specify which computers on the LAN can manage the ZyXEL Device (remote management) and communicate between networks or subnets connected to the LAN interface (IP alias). 

Table 57   Security > Firewall > Threshold (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| TCP Maximum Incomplete | An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. The ZyXEL Device sends alerts whenever the TCP Maximum Incomplete is exceeded. |
| Action taken when TCP Maximum Incomplete reached threshold | Select the action that ZyXEL Device should take when the TCP maximum incomplete threshold is reached. You can have the ZyXEL Device either: Delete the oldest half open session when a new connection request comes. or Deny new connection requests for the number of minutes that you specify (between 1 and 255). |
| Apply | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |
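
The two actions offered for the TCP Maximum Incomplete threshold in Table 57 behave differently when many requests to one host never complete. The Python model below is an added example, not ZyXEL code and not part of the manual. The class and function names, the sample addresses, the per-hit alert, and the choice to trigger when a request arrives with the count already at the threshold are all assumptions.

```python
from collections import OrderedDict, defaultdict

class HalfOpenLimiter:
    """Model of a per-destination half-open session limit (not device code)."""
    def __init__(self, max_incomplete, action="delete_oldest", deny_minutes=1):
        if not 1 <= max_incomplete <= 256:
            raise ValueError("threshold must be between 1 and 256")
        if action not in ("delete_oldest", "deny"):
            raise ValueError("action must be 'delete_oldest' or 'deny'")
        if not 1 <= deny_minutes <= 255:
            raise ValueError("deny period must be between 1 and 255 minutes")
        self.max_incomplete = max_incomplete
        self.action = action
        self.deny_seconds = deny_minutes * 60
        self.half_open = defaultdict(OrderedDict)  # dst -> {(src, sport): time}
        self.deny_until = {}                       # dst -> time the block ends
        self.alerts = []                           # (time, dst) per threshold hit

    def on_syn(self, now, src, sport, dst):
        """Process a new connection request and return the model's decision."""
        if now < self.deny_until.get(dst, 0):
            return "denied"
        sessions = self.half_open[dst]
        if len(sessions) < self.max_incomplete:
            sessions[(src, sport)] = now
            return "accepted"
        self.alerts.append((now, dst))             # assumed: alert on each hit
        if self.action == "delete_oldest":
            sessions.popitem(last=False)           # evict the oldest half-open entry
            sessions[(src, sport)] = now
            return "accepted_oldest_deleted"
        self.deny_until[dst] = now + self.deny_seconds
        return "denied"

    def on_handshake_complete(self, src, sport, dst):
        """A session that finishes its handshake stops counting as half-open."""
        self.half_open[dst].pop((src, sport), None)

def simulate(action):
    """Constructed traffic: five requests to one LAN host that never complete,
    then one request from another client 90 seconds later."""
    fw = HalfOpenLimiter(max_incomplete=3, action=action, deny_minutes=2)
    dst = "192.168.1.10"
    results = [fw.on_syn(t, "203.0.113.9", 40000 + t, dst) for t in range(5)]
    results.append(fw.on_syn(90, "198.51.100.7", 51000, dst))
    return results, len(fw.alerts), len(fw.half_open[dst])

if __name__ == "__main__":
    for mode in ("delete_oldest", "deny"):
        print(mode, simulate(mode))
```

In this constructed run the deny action also turns away the later client, because it arrives inside the two-minute block, while delete-oldest admits it at the cost of evicting an existing half-open entry.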