I am installing a PIX. In the static commands the last switch is for the limit on embryonic connects. static (DMZ,outside) X.X.X.15 192.168.1.13 netmask 255.255.255.255 0 0 <--- Every sample configuration I have seen leaves this value at 0. I hate to bring logic into this but, logic tells me that I would want to put a limit on embryonic sessions to protect against SYN attacks. What is a reasonable limit to put on this balancing security and availability? 20, 100, 500? What value do you use in real world implementations??? >From CCO: watch the wrap. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com mands.htm#xtocid1006867 The embryonic connection limit. An embryonic connection is one that has started but not yet completed. Set this limit to prevent attack by a flood of embryonic connections. The default is 0, which means unlimited connections ^-^-^-^-^-^-^-^-^-^-^ Bill Carter CCIE 5022 ^-^-^-^-^-^-^-^-^-^-^ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17994&t=17994 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
