Chapter 20 Firewall
VMG/EMG/AM/DM/GM Series User’s Guide
20.6 DoS
DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection
requests, using so much bandwidth and so many resources that Internet access becomes unavailable.
Use the DoS screen to activate protection against DoS attacks.
Click Security > Firewall > DoS to display the following screen.
Table 113 Security > Firewall > Access Control > Add New ACL Rule (continued)

| LABEL | DESCRIPTION |
|---|---|
| Source IP Address | If you selected Specific IP Address in the previous item, enter the source device’s IP address here. This field is hidden if you select a detected device. |
| Select Destination Device | If you want your rule to apply to packets with a particular (single) IP, select Specific IP Address. If not, select a detected device. |
| Destination IP Address | If you selected Specific IP Address in the previous item, enter the destination device’s IP address here. This field is hidden if you select a detected device. |
| MAC Address | Enter the MAC addresses of the WiFi or wired LAN clients that are allowed access to the Zyxel Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. |
| IP Type | Select IPv4 or IPv6. Compared to IPv4, IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses. The Zyxel Device can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD). |
| Select Service | Select a service from the Select Service box. |
| Protocol | Select the protocol (ALL, TCP/UDP, TCP, UDP, ICMP, or ICMPv6) used to transport the packets to which you want to apply the rule. |
| Custom Source Port | This is a single port number or the starting port number of a range that defines your rule. |
| Custom Destination Port | This is a single port number or the ending port number of a range that defines your rule. |
| TCP Flag | Select the TCP Flag (SYN, ACK, URG, PSH, RST, FIN). This appears when you select TCP/UDP or TCP in the Protocol field. |
| Type | This field is displayed only when you select Specific Protocol in Select Service and ICMPv6 in the Protocol field. From the drop-down list box, select which ICMPv6 type you would like to use. |
| Policy | Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender (Reject), or allow the passage of (Accept) packets that match this rule. |
| Direction | Select WAN to LAN to apply the rule to traffic from WAN to LAN. Select LAN to WAN to apply the rule to traffic from LAN to WAN. Select WAN to Router to apply the rule to traffic from WAN to router. Select LAN to Router to apply the rule to traffic from LAN to router. |
| Enable Rate Limit | Click this switch to set the maximum number of packets per minute or second, which limits the throughput of traffic that matches this rule. If the switch is off, the next item is disabled. |
| packet(s) per (1–512) | Enter the maximum number of packets (1–512) per minute or second. |
| Add New Rule | Select a schedule rule for this ACL rule from the drop-down list box. You can configure a new schedule rule by clicking Add New Rule. |
| OK | Click this to save your changes. |
| Cancel | Click this to exit this screen without saving. |
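
As an added example (not part of the user's guide and not Zyxel code), the following Python function checks a planned ACL rule against the constraints stated in the field table above, so that a rule inventory can be reviewed before it is entered in the Add New ACL Rule screen. The dictionary keys, the function name `check_acl_rule` and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re

# Allowed values copied from the Add New ACL Rule field table.
PROTOCOLS = {"ALL", "TCP/UDP", "TCP", "UDP", "ICMP", "ICMPv6"}
TCP_FLAGS = {"SYN", "ACK", "URG", "PSH", "RST", "FIN"}
POLICIES = {"Drop", "Reject", "Accept"}
DIRECTIONS = {"WAN to LAN", "LAN to WAN", "WAN to Router", "LAN to Router"}
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")  # six hex pairs

def check_acl_rule(rule):
    """Return the problems found in one planned rule (empty list means OK)."""
    errors = []
    version = {"IPv4": 4, "IPv6": 6}.get(rule.get("ip_type"))
    if version is None:
        errors.append("ip_type must be IPv4 or IPv6")
    for key in ("source_ip", "destination_ip"):
        if rule.get(key) is None:
            continue  # a detected device was selected, so the field is hidden
        try:
            if ipaddress.ip_address(rule[key]).version != version:
                errors.append(f"{key} does not match ip_type")
        except ValueError:
            errors.append(f"{key} is not a valid IP address")
    if rule.get("mac") and not MAC_RE.fullmatch(rule["mac"]):
        errors.append("mac must be six hexadecimal pairs")
    for key, allowed in (("protocol", PROTOCOLS), ("policy", POLICIES), ("direction", DIRECTIONS)):
        if rule.get(key) not in allowed:
            errors.append(f"{key} is not one of the listed values")
    proto, flag = rule.get("protocol"), rule.get("tcp_flag")
    if flag is not None and (flag not in TCP_FLAGS or proto not in ("TCP", "TCP/UDP")):
        errors.append("tcp_flag needs protocol TCP or TCP/UDP and a listed flag")
    if rule.get("icmpv6_type") is not None and proto != "ICMPv6":
        errors.append("icmpv6_type applies only to protocol ICMPv6")
    if rule.get("rate_limit") is not None:  # None: Enable Rate Limit is off
        packets, unit = rule["rate_limit"]
        if not (isinstance(packets, int) and 1 <= packets <= 512):
            errors.append("rate limit must be 1 to 512 packets")
        if unit not in ("minute", "second"):
            errors.append("rate limit unit must be minute or second")
    return errors

# Constructed sample rules (documentation addresses, not taken from the guide).
SAMPLE_OK = {"ip_type": "IPv4", "source_ip": "192.0.2.10", "mac": "12:34:56:78:9a:bc",
             "protocol": "TCP", "tcp_flag": "SYN", "policy": "Drop",
             "direction": "WAN to LAN", "rate_limit": (100, "second")}
SAMPLE_BAD = {"ip_type": "IPv4", "source_ip": "2001:db8::1", "mac": "12-34-56-78-9a-bc",
              "protocol": "UDP", "tcp_flag": "SYN", "policy": "Deny",
              "direction": "WAN to LAN", "rate_limit": (600, "minute")}
```

`check_acl_rule(SAMPLE_BAD)` reports the address family mismatch, the MAC separator, the TCP flag on a UDP rule, the unknown policy and the out-of-range rate limit.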