ZyXEL Communications vantage cnm ユーザーズマニュアル

Chapter 6 Device Security Settings

Vantage CNM User’s Guide

The following table describes the labels in this screen.

Table 46   Device Operation > Device Configuration > Security > Firewall > Threshold

Disable DoS Attack 

Protection on

Select the interface(s) (or VPN tunnels) for which you want the device to not use 

the Denial of Service protection thresholds. This disables DoS protection on the 

selected interface (or all VPN tunnels).
You may want to disable DoS protection for an interface if the device is treating 

valid traffic as DoS attacks. Another option would be to raise the thresholds.

Denial of Service 

Thresholds

The device measures both the total number of existing half-open sessions and 

the rate of session establishment attempts. Both TCP and UDP half-open 

sessions are counted in the total number and rate measurements. Measurements 

are made once a minute.

One Minute Low

This is the rate of new half-open sessions per minute that causes the firewall to 

stop deleting half-open sessions. The device continues to delete half-open 

sessions as necessary, until the rate of new connection attempts drops below this 

number.

One Minute High

This is the rate of new half-open sessions per minute that causes the firewall to 

start deleting half-open sessions. When the rate of new connection attempts rises 

above this number, the device deletes half-open sessions as required to 

accommodate new connection attempts.
For example, if you set the one minute high to 100, the device starts deleting half-

open sessions when more than 100 session establishment attempts have been 

detected in the last minute. It stops deleting half-open sessions when the number 

of session establishment attempts detected in a minute goes below the number 

set as the one minute low.

Maximum 

Incomplete Low

This is the number of existing half-open sessions that causes the firewall to stop 

deleting half-open sessions. The device continues to delete half-open requests 

as necessary, until the number of existing half-open sessions drops below this 

number.

Maximum 

Incomplete High

This is the number of existing half-open sessions that causes the firewall to start 

deleting half-open sessions. When the number of existing half-open sessions 

rises above this number, the device deletes half-open sessions as required to 

accommodate new connection requests. Do not set Maximum Incomplete High 

to lower than the current Maximum Incomplete Low number.
For example, if you set the maximum incomplete high to 100, the device starts 

deleting half-open sessions when the number of existing half-open sessions rises 

above 100. It stops deleting half-open sessions when the number of existing half-

open sessions drops below the number set as the maximum incomplete low.

TCP Maximum 

Incomplete 

An unusually high number of half-open sessions with the same destination host 

address could indicate that a DoS attack is being launched against the host. 
Specify the number of existing half-open TCP sessions with the same destination 

host IP address that causes the firewall to start dropping half-open sessions to 

that same destination host IP address. Enter a number between 1 and 256. As a 

general rule, you should choose a smaller number for a smaller network, a slower 

system or limited bandwidth. The device sends alerts whenever the TCP 

Maximum Incomplete is exceeded. 

Blocking Time

Select the action that the device takes when the TCP maximum incomplete 

threshold is reached.
Select the check box if you want the device to deny new connection requests for 

the number of minutes that you specify (between 1 and 255).
Clear the check box if you want the device to delete the oldest half open session 

when a new connection request comes.

Apply

Click Apply to save your changes back to the device.

Reset Click 

Reset to begin configuring this screen afresh.