F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Step 3. Configure an IP address-based connection limit rule.
  Command: limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
Applying the connection limit policy
To make a connection limit policy take effect, apply it globally.
To apply a connection limit policy:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Apply a connection limit policy.
  Command: connection-limit apply policy policy-number
  Remarks: Only one connection limit policy can be applied globally.
Displaying and maintaining connection limit policies
Task: Display information about one or all connection limit policies.
  Command: display connection-limit policy { policy-number | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Connection limit configuration example
Network requirements
As shown in Figure 121, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The
internal network address is 192.168.0.0/16 and two servers are on the internal network. Perform NAT
configuration so that the internal users can access the Internet and external users can access the internal
servers, and configure connection limiting so that:
• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network, and
all the other hosts can establish as many connections as possible.
• Permit up to 10000 connections from the external network to the DNS server.
• Permit up to 10000 connections from the external network to the Web server.
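The three requirements above map onto the limit syntax as follows. This is an added example, not the guide's own configuration, and it covers only the connection limit part, not NAT. Assumptions: policy number 0, limit IDs 0 to 2, the policy-creation command connection-limit policy (from the earlier steps, which this section does not show), and the two server addresses, which this page does not state and which appear as placeholders.

```comware
# Added example. Policy number 0 and limit IDs 0-2 are arbitrary choices.
# <dns-server-ip> and <web-server-ip> are placeholders: the page does not
# give the server addresses. "connection-limit policy" is assumed from the
# earlier steps of the procedure, which are not shown in this section.
system-view
connection-limit policy 0
 # Hosts on 192.168.0.0/24: at most 100 connections each (counted per source address).
 limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source
 # At most 10000 connections from any source to the DNS server (single host, mask length 32).
 limit 1 source ip any destination ip <dns-server-ip> 32 protocol dns max-connections 10000
 # At most 10000 connections from any source to the Web server (single host, mask length 32).
 limit 2 source ip any destination ip <web-server-ip> 32 protocol http max-connections 10000
 quit
# Apply the policy globally; only one policy can be applied globally.
connection-limit apply policy 0
# Check the rules that are now in effect.
display connection-limit policy 0
```

Hosts outside 192.168.0.0/24 match no rule and therefore stay unlimited, which is what the first requirement asks for.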