
ZyXEL Communications P-793H v3 - Firewall Technical Reference; Firewall Rules Overview

ZyXEL Communications P-793H v3
297 pages
Chapter 10 Firewalls
P-79X Series User’s Guide
110
10.5 Firewall Technical Reference
This section provides some technical background information about the topics covered in this
chapter.
10.5.1 Firewall Rules Overview
Your customized rules take precedence and override the P-79X’s default settings. The P-79X checks
the source IP address, destination IP address and IP protocol type of network traffic against the
firewall rules (in the order you list them). When the traffic matches a rule, the P-79X takes the
action specified in the rule.
Firewall rules are grouped based on the direction of travel of packets to which they apply:
• LAN to LAN/ Router
• LAN to WAN
• WAN to LAN
• WAN to WAN/ Router
By default, the P-79X’s stateful packet inspection allows packets traveling in the following
directions:
• LAN to LAN/ Router
These rules specify which computers on the LAN can manage the P-79X (remote management)
and communicate between networks or subnets connected to the LAN interface (IP alias).
Note: You can also configure the remote management settings to allow only a specific
computer to manage the P-79X.

Table 38 Security > Firewall > Threshold (continued)

| LABEL | DESCRIPTION |
|---|---|
| TCP Maximum Incomplete | An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256. As a general rule, you should choose a smaller number for a smaller network, a slower system or limited bandwidth. The P-79X sends alerts whenever the TCP Maximum Incomplete is exceeded. |
| Action taken when TCP Maximum Incomplete reached threshold | Select the action that P-79X should take when the TCP maximum incomplete threshold is reached. You can have the P-79X either: Delete the oldest half open session when a new connection request comes, or Deny new connection requests for the number of minutes that you specify (between 1 and 255). |
| Apply | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |
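
Added example (not from the ZyXEL manual or the P-79X firmware): a simplified Python model of the TCP Maximum Incomplete threshold and the two actions described in Table 38, useful for reasoning about which setting suits a given host. The class and function names, the "count has reached the threshold" comparison, and leaving existing half-open sessions in place during a deny period are assumptions; the traffic is constructed.

```python
from collections import defaultdict, deque

class HalfOpenLimiter:
    """Simplified model of a per-destination TCP Maximum Incomplete threshold."""

    def __init__(self, max_incomplete, action="delete_oldest", deny_minutes=1):
        if not 1 <= max_incomplete <= 256:
            raise ValueError("threshold must be between 1 and 256")
        if action not in ("delete_oldest", "deny_new"):
            raise ValueError("unknown action")
        if action == "deny_new" and not 1 <= deny_minutes <= 255:
            raise ValueError("deny period must be between 1 and 255 minutes")
        self.max_incomplete = max_incomplete
        self.action = action
        self.deny_seconds = deny_minutes * 60
        self.half_open = defaultdict(deque)   # destination IP -> oldest-first client endpoints
        self.denied_until = {}                # destination IP -> time the deny period ends
        self.alerts = []                      # (time, destination IP) each time the limit is hit

    def syn(self, now, client, dst):
        """Handle a new connection request; return 'accept', 'evict+accept' or 'deny'."""
        if now < self.denied_until.get(dst, 0):
            return "deny"
        sessions = self.half_open[dst]
        if len(sessions) < self.max_incomplete:
            sessions.append(client)
            return "accept"
        self.alerts.append((now, dst))
        if self.action == "delete_oldest":
            sessions.popleft()                # drop the oldest half-open session
            sessions.append(client)
            return "evict+accept"
        self.denied_until[dst] = now + self.deny_seconds
        return "deny"

    def handshake_done(self, client, dst):
        """The three-way handshake completed, so the session is no longer half-open."""
        if client in self.half_open[dst]:
            self.half_open[dst].remove(client)

def replay(limiter, events):
    """Feed constructed (time, client, dst) connection requests; return the verdicts."""
    return [limiter.syn(t, client, dst) for t, client, dst in events]

# Constructed sample traffic: five requests to one host, one to another (documentation IPs).
SAMPLE = [(i, f"198.51.100.{i + 1}:4000{i}", "192.0.2.10") for i in range(5)]
SAMPLE.append((5, "198.51.100.9:40009", "192.0.2.20"))

if __name__ == "__main__":
    print(replay(HalfOpenLimiter(3, "delete_oldest"), SAMPLE))
    print(replay(HalfOpenLimiter(3, "deny_new", deny_minutes=2), SAMPLE))
```

In this model, "delete oldest" keeps accepting requests to the destination at the cost of evicting pending handshakes, while "deny new" refuses every request to that destination until the configured period ends. Other destinations are unaffected in both modes.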
