Chapter 9 Firewalls
P-660HN-FxZ Series User’s Guide
152
9.1.2 What You Need to Know About Firewall
DoS
Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the
Internet. Their goal is not to steal information, but to disable a device or network so users no
longer have access to network resources. The ZyXEL Device is pre-configured to
automatically detect and thwart all known DoS attacks.
Anti-Probing
If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP
response packet is automatically returned. This allows the outside user to know the ZyXEL
Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response
packet from being sent. This keeps outsiders from discovering your ZyXEL Device when
unsupported ports are probed.
ICMP
Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP)
datagrams, but the messages are processed by the TCP/IP software and are not directly apparent to the
application user.
DoS Thresholds
For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that
do not become fully established. These thresholds apply globally to all sessions. You can use
the default threshold values, or you can change them to values more suitable to your security
requirements.
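The threshold behaviour described above can be modelled in a few lines. The following Python model is an added illustration, not ZyXEL firmware code; the high and low marks, the timeout, the session keys and the sample events are assumed values constructed for the example.

```python
from collections import OrderedDict

class HalfOpenTracker:
    """Toy model: global thresholds on sessions that never finish the TCP handshake."""

    def __init__(self, high=4, low=2, timeout=30.0):
        # Assumed illustrative parameters, not the device's setting names or defaults.
        self.high, self.low, self.timeout = high, low, timeout
        self.incomplete = OrderedDict()  # session key -> time SYN was seen, oldest first
        self.established = set()
        self.dropped = []                # (key, reason) for every session shed

    def _drop(self, key, reason):
        del self.incomplete[key]
        self.dropped.append((key, reason))

    def on_syn(self, key, now):
        """New session attempt; counted as half-open until the handshake completes."""
        for old, seen in list(self.incomplete.items()):
            if now - seen >= self.timeout:       # stale half-open session
                self._drop(old, "timeout")
        if key in self.established or key in self.incomplete:
            return
        self.incomplete[key] = now
        if len(self.incomplete) > self.high:
            # Above the high mark: shed oldest half-open sessions down to the low mark.
            while len(self.incomplete) > self.low:
                self._drop(next(iter(self.incomplete)), "threshold")

    def on_handshake_complete(self, key):
        """Final ACK seen; returns False if the session was already dropped."""
        if key not in self.incomplete:
            return False
        del self.incomplete[key]
        self.established.add(key)
        return True

def replay(events, **params):
    """Feed constructed (time, kind, key) events through a fresh tracker."""
    tracker = HalfOpenTracker(**params)
    for now, kind, key in events:
        if kind == "syn":
            tracker.on_syn(key, now)
        elif kind == "ack":
            tracker.on_handshake_complete(key)
    return tracker

# Constructed sample traffic: one client that completes, five SYNs that never do.
EVENTS = [(0.0, "syn", "legit:1"), (0.1, "ack", "legit:1")]
EVENTS += [(1.0 + i, "syn", f"flood:{i}") for i in range(5)]
```

Because the thresholds are global, lowering them sheds incomplete sessions sooner but also drops slow legitimate clients that are still mid-handshake when the high mark is crossed.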
Finding Out More
• See Section 9.1.3 on page 152 for an example of setting up a firewall.
• See Section 9.5 on page 166 for advanced technical information on the firewall.
9.1.3 Firewall Rule Setup Example
The following Internet firewall rule example allows a hypothetical “MyService” connection
from the Internet.
1 Click Security > Firewall > Rules.
2 Select WAN to LAN in the Packet Direction field.