ZyXEL p-660h-61 Guida Utente
Prestige 660H Series User’s Guide
11-4
Firewall Configuration
Table 11-1 Alert
LABEL DESCRIPTION
Maximum
Incomplete Low
Incomplete Low
This is the number of existing half-open sessions (default "80") that causes the firewall to
stop deleting half-open sessions.
The Prestige continues to delete half-open requests as necessary, until the number of
existing half-open sessions drops below this number.
stop deleting half-open sessions.
The Prestige continues to delete half-open requests as necessary, until the number of
existing half-open sessions drops below this number.
Maximum
Incomplete High
Incomplete High
This is the number of existing half-open sessions (default "100") that causes the firewall to
start deleting half-open sessions. When the number of existing half-open sessions rises
above this number, the Prestige deletes half-open sessions as required to accommodate
new connection requests. The Prestige stops deleting half-open sessions when the
number is less than the Max Incomplete Low.
Do not set Maximum Incomplete High to lower than the current Max Incomplete Low
number.
start deleting half-open sessions. When the number of existing half-open sessions rises
above this number, the Prestige deletes half-open sessions as required to accommodate
new connection requests. The Prestige stops deleting half-open sessions when the
number is less than the Max Incomplete Low.
Do not set Maximum Incomplete High to lower than the current Max Incomplete Low
number.
TCP Maximum
Incomplete
Incomplete
This is the number of existing half-open TCP sessions (default "10") with the same
destination host IP address that causes the firewall to start dropping half-open sessions to
that same destination host IP address. Enter a number between 1 and 256.
As a general rule, you should choose a smaller number for a smaller network, a slower
system or limited bandwidth.
destination host IP address that causes the firewall to start dropping half-open sessions to
that same destination host IP address. Enter a number between 1 and 256.
As a general rule, you should choose a smaller number for a smaller network, a slower
system or limited bandwidth.
Blocking Time
When TCP Maximum Incomplete is reached you can choose if the next session should
be allowed or blocked. If you select Blocking Time, any new sessions will be blocked for
the length of time you specify in the next field (minute) and all old incomplete sessions will
be cleared during this period.
If you want strong security, it is better to block the traffic for a short time, as it will give the
server some time to digest the loading.
be allowed or blocked. If you select Blocking Time, any new sessions will be blocked for
the length of time you specify in the next field (minute) and all old incomplete sessions will
be cleared during this period.
If you want strong security, it is better to block the traffic for a short time, as it will give the
server some time to digest the loading.
(minute) Type the length of Blocking Time in minutes (1-256). The default is "0".
Back
Click Back to return to the previous screen.
Apply
Click Apply to save your customized settings and exit this screen.
Cancel
Click Cancel to return to the previously saved settings.