Chapter 13 Firewall Screens
ZyWALL 5/35/70 Series User’s Guide
264
The following table describes the labels in this screen.
13.7 The Firewall Thresholds Screen
For DoS attacks, the ZyWALL uses thresholds to determine when to start dropping sessions
that do not become fully established (half-open sessions). These thresholds apply globally to
all sessions. See Threshold Values on page 275 for more information on DoS thresholds.
Click SECURITY > FIREWALL > Threshold to bring up the next screen. The global
values specified for the threshold and timeout apply to all TCP connections.
Figure 150 SECURITY > FIREWALL > Threshold
Table 73 SECURITY > FIREWALL > Anti-Probing
LABEL DESCRIPTION
Respond to PING
on
Select the check boxes of the interfaces that you want to reply to incoming Ping
requests.
Clear an interface’s check box to have the ZyWALL not respond to any Ping
requests that come into that interface.
Do not respond to
requests for
unauthorized
services.
Select this option to prevent hackers from finding the ZyWALL by probing for
unused ports. If you select this option, the ZyWALL will not respond to port
request(s) for unused ports, thus leaving the unused ports and the ZyWALL
unseen. If this option is not selected, the ZyWALL will reply with an ICMP port
unreachable packet for a port probe on its unused UDP ports and a TCP reset
packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the ZyWALL's firewall rule
checks before reaching this anti-probing mechanism. Therefore if a firewall rule
stops a probing packet, the ZyWALL reacts based on the firewall rule to either
send a TCP reset packet for a blocked TCP packet (or an ICMP port-unreachable
packet for a blocked UDP packets) or just drop the packets without sending a
response packet.
Apply Click Apply to save your changes back to the ZyWALL.
Reset Click Reset to begin configuring this screen afresh.
To Next Page
Loading...
