ZyXEL Communications Corporation VMG1312T10C Manuel D’Utilisation
Chapter 14 Firewall
VMG1312-T10C User’s Guide
164
4
Network bandwidth.
5
Type of traffic for certain servers.
Reduce the threshold values if your network is slower than average for any of these factors
(especially if you have servers that are slow or handle many tasks and are often busy).
(especially if you have servers that are slow or handle many tasks and are often busy).
• If you often use P2P applications such as file sharing with eMule or eDonkey, it’s recommended
that you increase the threshold values since lots of sessions will be established during a small
period of time and the Device may classify them as DoS attacks.
period of time and the Device may classify them as DoS attacks.
14.5.2 Configuring Firewall Thresholds
Click Security > Firewall > DoS > Advanced to display the following screen.
Figure 112
Security > Firewall > DoS > Advanced
The following table describes the labels in this screen.
Table 67
Security > Firewall > DoS > Advanced
LABEL
DESCRIPTION
TCP SYN-Request
Count
Count
This is the rate of new TCP half-open sessions per second that causes the firewall to
start deleting half-open sessions. When the rate of new connection attempts rises
above this number, the Device deletes half-open sessions as required to
accommodate new connection attempts.
start deleting half-open sessions. When the rate of new connection attempts rises
above this number, the Device deletes half-open sessions as required to
accommodate new connection attempts.
UDP Packet Count
This is the rate of new UDP half-open sessions per second that causes the firewall to
start deleting half-open sessions. When the rate of new connection attempts rises
above this number, the Device deletes half-open sessions as required to
accommodate new connection attempts.
start deleting half-open sessions. When the rate of new connection attempts rises
above this number, the Device deletes half-open sessions as required to
accommodate new connection attempts.
ICMP Echo-Request
Count
Count
This is the rate of new ICMP Echo-Request half-open sessions per second that causes
the firewall to start deleting half-open sessions. When the rate of new connection
attempts rises above this number, the Device deletes half-open sessions as required
to accommodate new connection attempts.
the firewall to start deleting half-open sessions. When the rate of new connection
attempts rises above this number, the Device deletes half-open sessions as required
to accommodate new connection attempts.
ICMP Redirect
Select Enable to monitor for and block ICMP redirect attacks.
An ICMP redirect attack is one where forged ICMP redirect messages can force the
client device to route packets for certain connections through an attacker’s host.
client device to route packets for certain connections through an attacker’s host.
DoS Log(Log Level:
DEBUG)
DEBUG)
for information on
viewing logs.