ZyXEL 793H User Guide

 Chapter 9 Firewall Configuration
P-793H User’s Guide
Figure 71   Firewall > Threshold
The following table describes the labels in this screen.
Table 45   Firewall > Threshold
LABEL    DESCRIPTION
Denial of Service Thresholds
One Minute Low
Type the rate of new half-open sessions that causes the firewall to stop deleting 
half-open sessions. The ZyXEL Device continues to delete half-open sessions 
as necessary, until the rate of new connection attempts drops below this 
number. See One Minute High for an example.
One Minute High
Type the rate of new half-open sessions that causes the firewall to start deleting 
half-open sessions. When the rate of new connection attempts rises above this 
number, the ZyXEL Device deletes half-open sessions as required to 
accommodate new connection attempts.
For example, if One Minute Low is 80 and One Minute High is 100, the ZyXEL 
Device starts deleting half-open sessions when more than 100 session 
establishment attempts have been detected in the last minute and stops 
deleting half-open sessions when fewer than 80 session establishment attempts 
have been detected in the last minute.
Maximum Incomplete Low
Type the number of existing half-open sessions that causes the firewall to stop 
deleting half-open sessions. The ZyXEL Device continues to delete half-open 
requests as necessary, until the number of existing half-open sessions drops 
below this number. See Maximum Incomplete High for an example.
Maximum Incomplete High
Type the number of existing half-open sessions that causes the firewall to start 
deleting half-open sessions. When the number of existing half-open sessions 
rises above this number, the ZyXEL Device deletes half-open sessions as 
required to accommodate new connection requests. Do not set Maximum 
Incomplete High to lower than the current Maximum Incomplete Low 
number.
For example, if Maximum Incomplete Low is 80 and Maximum Incomplete 
High is 100, the ZyXEL Device starts deleting half-open sessions when the 
number of existing half-open sessions rises above 100 and stops deleting half-open 
sessions when the number of existing half-open sessions drops below 80.
TCP Maximum Incomplete
Type the number of existing half-open TCP sessions with the same destination 
host IP address that causes the firewall to start dropping half-open sessions to 
that same destination host IP address. Enter a number between 1 and 256. As a 
general rule, you should choose a smaller number for a smaller network, a 
slower system or limited bandwidth.
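
The start and stop behaviour of the Low/High pairs and the per-destination limit described in this table can be modelled as follows. This is an added example, not ZyXEL firmware or code from this guide; the names Thresholds, Band and simulate, the tcp_max_incomplete value of 10, the sample addresses and the "exceeds" comparison for the per-destination limit are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Thresholds:
    one_minute_low: int = 80          # 80/100 are the values in the table's examples
    one_minute_high: int = 100
    max_incomplete_low: int = 80
    max_incomplete_high: int = 100
    tcp_max_incomplete: int = 10      # constructed value; the table allows 1 to 256

    def validate(self):
        if self.max_incomplete_high < self.max_incomplete_low:
            raise ValueError("Maximum Incomplete High is lower than Maximum Incomplete Low")
        if not 1 <= self.tcp_max_incomplete <= 256:
            raise ValueError("TCP Maximum Incomplete must be between 1 and 256")

class Band:
    """Start above `high`, stop below `low`, otherwise keep the previous state."""
    def __init__(self, low, high):
        self.low, self.high, self.active = low, high, False

    def update(self, value):
        if value > self.high:
            self.active = True
        elif value < self.low:
            self.active = False
        return self.active

def simulate(samples, th):
    """Return (rate_deleting, count_deleting, capped_hosts) for each sample."""
    th.validate()
    rate = Band(th.one_minute_low, th.one_minute_high)
    count = Band(th.max_incomplete_low, th.max_incomplete_high)
    out = []
    for attempts_last_minute, half_open_by_dst in samples:
        total = sum(half_open_by_dst.values())
        # Assumption: a destination is capped once its count exceeds the setting.
        capped = sorted(d for d, n in half_open_by_dst.items() if n > th.tcp_max_incomplete)
        out.append((rate.update(attempts_last_minute), count.update(total), capped))
    return out

# Constructed samples: (session attempts in the last minute, half-open sessions per destination)
SAMPLES = [
    (60,  {"192.0.2.10": 5,  "192.0.2.20": 4}),
    (120, {"192.0.2.10": 90, "192.0.2.20": 15}),
    (90,  {"192.0.2.10": 70, "192.0.2.20": 20}),   # between Low and High: state is kept
    (70,  {"192.0.2.10": 8,  "192.0.2.20": 6}),
]

if __name__ == "__main__":
    for row in simulate(SAMPLES, Thresholds()):
        print(row)
```

The third sample shows why Low and High are separate settings: both values sit between 80 and 100, so deletion that started at the second sample continues until the values fall below Low.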