ZyXEL Communications ZyWALL5UTM 4.0 User Manual

ZyWALL 5/35/70 Series User’s Guide
Chapter 11 Firewall Screens
11.11  Service 
Click SECURITY, FIREWALL, then the Service tab to open the screen as shown next. Use 
this screen to configure custom services for use in firewall rules or view the services that are 
predefined in the ZyWALL.
Table 72   Firewall Threshold (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Maximum Incomplete High | This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyWALL deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number. The above values, say 80 in the Maximum Incomplete Low field and 100 in this field, cause the ZyWALL to start deleting half-open sessions when the number of existing half-open sessions rises above 100, and to stop deleting half-open sessions when the number of existing half-open sessions drops below 80. |
| TCP Maximum Incomplete | This is the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. |
| Action taken when the TCP Maximum Incomplete threshold is reached. | |
| Delete the oldest half open session when new connection request comes | Select this radio button to clear the oldest half-open session when a new connection request comes. |
| Deny new connection request for | Select this radio button and specify for how long the ZyWALL should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
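
The threshold behavior described in Table 72 can be modeled in a few lines to see how a chosen setting reacts before applying it. This is an added example, not ZyXEL firmware code: the names `deletion_active` and `PerDestinationLimit` are hypothetical, and it assumes that "reached" means the per-destination count is at or above the limit and that the deny timer applies per destination host.

```python
from collections import defaultdict, deque

def deletion_active(counts, low=80, high=100):
    """Per-sample state of the High/Low hysteresis from the table's example."""
    active, trace = False, []
    for n in counts:
        if n > high:        # rises above Maximum Incomplete High
            active = True
        elif n < low:       # drops below Maximum Incomplete Low
            active = False
        trace.append(active)
    return trace

class PerDestinationLimit:
    """Model of TCP Maximum Incomplete and its two actions (not firmware code)."""
    def __init__(self, limit, action, block_minutes=1):
        assert action in ("delete-oldest", "deny")
        self.limit, self.action, self.block = limit, action, block_minutes
        self.half_open = defaultdict(deque)   # dst -> sources awaiting handshake
        self.blocked_until = {}               # dst -> minute the block ends

    def syn(self, minute, src, dst):
        if minute < self.blocked_until.get(dst, 0):
            return "denied"
        pending = self.half_open[dst]
        if len(pending) >= self.limit:        # assumption: "reached" means >= limit
            if self.action == "deny":
                self.blocked_until[dst] = minute + self.block
                return "denied"
            pending.popleft()                 # clear the oldest half-open session
            pending.append(src)
            return "replaced-oldest"
        pending.append(src)
        return "accepted"

    def handshake_done(self, src, dst):
        self.half_open[dst].remove(src)       # session is no longer half-open

if __name__ == "__main__":
    # Constructed sample: total half-open session counts over time.
    print(deletion_active([70, 90, 101, 95, 85, 80, 79, 90]))
    fw = PerDestinationLimit(limit=3, action="deny", block_minutes=2)
    for minute, src in [(0, "a"), (0, "b"), (0, "c"), (0, "d"), (1, "e"), (2, "f")]:
        print(minute, src, fw.syn(minute, src, "192.0.2.10"))
```

With the deny action, legitimate clients to the same destination are also refused for the whole blocking time, which is the trade-off against deleting the oldest half-open session.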