F3215-HP Load Balancing Module Security Configuration Guide-6PW101

Task                                        Remarks
Applying the connection limit policy        Required.
Creating a connection limit policy
A connection limit policy is a set of connection limit rules that define the valid range and parameters for
the policy.
To create a connection limit policy:
Step                                                       Command
1. Enter system view.                                      system-view
2. Create a connection limit policy and enter its view.    connection-limit policy policy-number
Configuring the connection limit policy
A connection limit policy contains one or more connection limit rules, each specifying an object or range
for the limit. A user connection that matches a rule is limited based on the parameters in the rule. User
connections that do not match any connection limit rule are neither counted nor limited.
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules for
a policy, carefully check the rules and their order. HP recommends arranging the rules in ascending
order of scale and range.
A connection limit rule can be of any of the following types:
Source-to-destination—Limits connections from a specific internal host or segment to a specific
external host or segment.
Source-to-any—Limits connections from a specific internal host or segment to external networks.
Any-to-destination—Limits connections from external networks to a specific internal server.
Any-to-any—Limits the total number of connections passing through the device.
To configure a connection limit rule:
Step                                       Command
1. Enter system view.                      system-view
2. Enter connection limit policy view.     connection-limit policy policy-number
3. Configure the connection limit rule.    limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
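The rule-order check recommended above can be done mechanically. The following is an added example, not HP code: it parses limit lines in the syntax shown above and reports any rule that a lower-ID rule fully covers. It assumes that matching stops at the first matching rule and that protocol ip covers the other protocol keywords, it skips rules that use the VPN options, and the sample addresses are constructed.

```python
import ipaddress
import re

# Constructed sample policy in the `limit` syntax above (addresses are made up).
SAMPLE_POLICY = """\
limit 0 source ip 192.168.0.0 16 destination ip any protocol ip max-connections 1000 per-source
limit 1 source ip 192.168.1.0 24 destination ip any protocol tcp max-connections 100 per-source
limit 2 source ip any destination ip 10.1.1.10 32 protocol http max-connections 5000 per-destination
"""

# Rules with source-vpn/destination-vpn do not match this pattern and are skipped.
RULE_RE = re.compile(
    r"limit (?P<id>\d+)"
    r"(?: source ip (?P<src>any|\S+ \d+))?"
    r"(?: destination ip (?P<dst>any|\S+ \d+))?"
    r" protocol (?P<proto>dns|http|ip|tcp|udp)"
    r" max-connections (?P<max>\d+)")

def to_net(spec):
    """'any' or an omitted clause -> 0.0.0.0/0; 'addr masklen' -> that network."""
    if spec in (None, "any"):
        return ipaddress.ip_network("0.0.0.0/0")
    addr, length = spec.split()
    return ipaddress.ip_network(f"{addr}/{length}", strict=False)

def parse_policy(text):
    """Parse limit lines and return the rules sorted by rule ID (match order)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"id": int(m["id"]), "src": to_net(m["src"]),
                          "dst": to_net(m["dst"]), "proto": m["proto"]})
    return sorted(rules, key=lambda r: r["id"])

def covers(a, b):
    """True if every connection matching rule b also matches rule a."""
    # Assumption: `ip` covers all other protocol keywords; others must be equal.
    proto_ok = a["proto"] == b["proto"] or a["proto"] == "ip"
    return proto_ok and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])

def shadowed_rules(text):
    """Return (shadowed_id, shadowing_id) pairs, assuming first match wins."""
    rules = parse_policy(text)
    return [(later["id"], earlier["id"])
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]
```

On the sample policy, rule 1 is reported as shadowed by rule 0; swapping the two so that the /24 rule has the lower ID clears the finding.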
Applying the connection limit policy
To make a connection limit policy take effect, apply it globally or to a service module.
To apply a connection limit policy:
Step                      Command        Remarks
1. Enter system view.     system-view    N/A