![background image](/i/zyxel/144895/zyxel-zywall-2-ee/h/zyxel-zywall-2-ee-180.png)
ZyWALL 2 Series User’s Guide
11-24
Firewall
Screens
Table 11-6 Attack Alert
LABEL DESCRIPTION
DEFAULT
VALUES
Maximum Incomplete
High
This is the number of existing half-open
sessions that causes the firewall to start
deleting half-open sessions. When the
number of existing half-open sessions rises
above this number, the ZyWALL deletes half-
open sessions as required to accommodate
new connection requests. Do not set
Maximum Incomplete High
to lower than the
current
Maximum
I
ncomplete
Low
number.
100 existing half-open sessions.
The above values causes the
ZyWALL to start deleting half-
open sessions when the number
of existing half-open sessions
rises above 100, and to stop
deleting half-open sessions with
the number of existing half-open
sessions drops below 80.
TCP Maximum
Incomplete
This is the number of existing half-open TCP
sessions with the same destination host IP
address that causes the firewall to start
dropping half-open sessions to that same
destination host IP address. Enter a number
between 1 and 256. As a general rule, you
should choose a smaller number for a smaller
network, a slower system or limited
bandwidth.
30 existing half-open TCP
sessions.
Blocking Period When
TCP Maximum Incomplete
is reached
you can choose if the next session should be
allowed or blocked. If you check
Blocking
Period
any new sessions will be blocked for
the length of time you specify in the next field
(min) and all old incomplete sessions will be
cleared during this period. If you want strong
security, it is better to block the
traffic for a short time, as it will give the server
some time to digest the loading.
Select this check box to specify a
number in minutes (min) text
box.
(min) Enter the length of
Blocking Period
in
minutes.
0
Apply
Click
Apply
to save your changes back to the ZyWALL.
Reset
Click
Reset
to begin configuring this screen afresh.