ZyXEL 2WG User Guide

Chapter 12 Firewall Screens
ZyWALL 2WG User’s Guide
Threshold Values
If everything is working properly, you probably do not need to change the threshold settings as 
the default threshold values should work for most small offices. Tune these parameters when 
you believe the ZyWALL has been receiving DoS attacks that are not recorded in the logs, or 
when the logs show that the ZyWALL is classifying normal traffic as DoS attacks. Factors 
influencing choices for threshold values are:
The maximum number of opened sessions.
The minimum capacity of server backlog in your LAN network.
The CPU power of servers in your LAN network.
Network bandwidth. 
Type of traffic for certain servers.
Reduce the threshold values if your network is slower than average for any of these factors 
(especially if you have servers that are slow or handle many tasks and are often busy). 
If you often use P2P applications such as file sharing with eMule or eDonkey, it is 
recommended that you increase the threshold values, since many sessions will be established 
in a short period of time and the ZyWALL may classify them as DoS attacks.
Security Considerations
Incorrectly configuring the firewall may block valid access or introduce security 
risks to the ZyWALL and your protected network. Use caution when creating or 
deleting firewall rules and test your rules after you configure them.
Consider these security ramifications before creating a rule:
Does this rule stop LAN users from accessing critical resources on the Internet? For 
example, if IRC is blocked, are there users that require this service?
Is it possible to modify the rule to be more specific? For example, if IRC is blocked for 
all users, will a rule that blocks just certain users be more effective?
Does a rule that allows Internet users access to resources on the LAN create a security 
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to 
the LAN, Internet users may be able to connect to computers with running FTP servers.
Does this rule conflict with any existing rules?
Once these questions have been answered, adding rules is simply a matter of entering the 
information into the correct fields in the web configurator screens.
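
The checklist above can be run as a pre-check on a candidate rule before it is entered in the web configurator. The following is an added example, not part of the User's Guide or ZyXEL's software: the Rule model, the rule names and the sample addresses are hypothetical, and it assumes rules are evaluated top-down with the first match winning.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical model, not the ZyWALL's own rule format
    name: str
    direction: str          # "LAN->WAN" or "WAN->LAN"
    src: str                # "any" or one host address
    proto: str              # "tcp" or "udp"
    ports: frozenset        # destination ports
    action: str             # "permit" or "block"

def covers(a, b):
    """True if every packet that b matches is also matched by a."""
    return (a.direction == b.direction and a.proto == b.proto
            and a.src in ("any", b.src) and a.ports >= b.ports)

def overlaps(a, b):
    """True if at least one packet can match both rules."""
    return (a.direction == b.direction and a.proto == b.proto
            and (a.src == b.src or "any" in (a.src, b.src))
            and bool(a.ports & b.ports))

def review(new, existing):
    """Return (kind, detail) findings for a rule appended after `existing`.
    Assumes rules are evaluated top-down and the first match wins."""
    findings = []
    for old in existing:
        differs = old.action != new.action
        if covers(old, new):
            findings.append(("shadowed" if differs else "redundant",
                             f"'{old.name}' already matches everything in '{new.name}'"))
        elif differs and overlaps(old, new):
            findings.append(("conflict", f"'{old.name}' decides part of '{new.name}' first"))
    if new.direction == "WAN->LAN" and new.action == "permit":
        findings.append(("exposure", f"Internet hosts reach LAN ports {sorted(new.ports)}"))
    if new.action == "block" and new.src == "any":
        findings.append(("broad", "blocks every source; can it name specific users?"))
    return findings

# Constructed sample rules (addresses and names are made up; 6667 is the usual IRC port).
block_irc = Rule("block-irc", "LAN->WAN", "any", "tcp", frozenset({6667}), "block")
allow_irc_host = Rule("irc-for-one-host", "LAN->WAN", "192.168.1.33", "tcp", frozenset({6667}), "permit")
allow_ftp_in = Rule("ftp-from-internet", "WAN->LAN", "any", "tcp", frozenset({20, 21}), "permit")

if __name__ == "__main__":
    for rule, before in ((block_irc, []), (allow_irc_host, [block_irc]), (allow_ftp_in, [block_irc])):
        for kind, detail in review(rule, before):
            print(f"{rule.name}: {kind}: {detail}")
```

A "shadowed" finding means the new rule would never take effect in its current position; an "exposure" finding is the FTP case from the checklist and calls for a decision on whether the LAN servers behind those ports should be reachable at all.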