Filter
Top Products
ZyWALL 50 Internet Security Gateway
9-10 Using the ZyWALL Web Configurator
Table 9-3 Attack Alert
FIELD DESCRIPTION DEFAULT VALUES
Denial of Service Thresholds
One Minute Low This is the rate of new half-open sessions
that causes the firewall to stop deleting
half-open sessions. The ZyWALL
continues to delete half-open sessions as
necessary, until the rate of new
connection attempts drops below this
number.
80 existing half-open sessions.
One Minute High This is the rate of new half-open sessions
that causes the firewall to start deleting
half-open sessions. When the rate of new
connection attempts rises above this
number, the ZyWALL deletes half-open
sessions as required to accommodate
new connection attempts.
100 half-open sessions per
minute. The above numbers
cause the ZyWALL to start
deleting half-open sessions
when more than 100 session
establishment attempts have
been detected in the last minute,
and to stop deleting half-open
sessions when fewer than 80
session establishment attempts
have been detected in the last
minute.
Maximum Incomplete
Low
This is the number of existing half-open
sessions that causes the firewall to stop
deleting half-open sessions. The ZyWALL
continues to delete half-open requests as
necessary, until the number of existing
half-open sessions drops below this
number.
80 existing half-open sessions.
Maximum Incomplete
High
This is the number of existing half-open
sessions that causes the firewall to start
deleting half-open sessions. When the
number of existing half-open sessions
rises above this number, the ZyWALL
deletes half-open sessions as required to
accommodate new connection requests.
Do not set Maximum Incomplete High to
lower than the current Maximum
Incomplete Low number.
100 half-open sessions per
minute. The above values
causes the ZyWALL to start
deleting half-open sessions
when the number of existing
half-open sessions rises above
100, and to stop deleting half-
open sessions with the number
of existing half-open sessions
drops below 80.
TCP Maximum
Incom
p
lete
This is the number of existing half-open
TCP sessions with the same destination
10 existing half-open TCP
sessions.