R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101
destination-vpn dst-vpn-name: Specifies a destination VPN by its instance name, a case-sensitive string
of 1 to 31 characters. Absence of the keyword and argument combination indicates the public network.
protocol: Specifies connections of a protocol.
• dns: Specifies connections of the DNS protocol.
• http: Specifies connections of the HTTP protocol.
• ip: Specifies connections of the IP protocol.
• tcp: Specifies connections of the TCP protocol.
• udp: Specifies connections of the UDP protocol.
max-connections max-num: Specifies the maximum number of connections, in the range of 0 to 1000000.
per-destination: Limits connections by destination address.
per-source: Limits connections by source address.
per-source-destination: Limits connections by source-destination address pair.
Description
Use the limit command to configure an IP address-based connection limit policy rule. Within a
connection limit policy, the criteria of each rule must be unique.
Use the undo limit command to remove a connection limit policy rule.
The connection limit rules become invalid if the VPN instance with which the rules are associated is
removed.
The connection limit rules in a policy are matched in ascending order of rule ID. Take the match order into
consideration when assigning the rule IDs. HP recommends that you arrange the rules by limit granularity
and limit range in ascending order.
Related commands: connection-limit policy, display connection-limit policy.
Examples
# Configure connection limit rule 1 for policy 0 to limit TCP connections sourced from 1.1.1.1 with the
upper connection limit of 200.
<Sysname> system-view
[Sysname] connection-limit policy 0
[Sysname-connection-limit-policy-0] limit 1 source ip 1.1.1.1 32 protocol tcp max-connections 200
# Configure connection limit rule 2 to limit UDP connections destined to 2.2.2.2 with the upper
connection limit of 200.
[Sysname-connection-limit-policy-0] limit 2 destination ip 2.2.2.2 32 protocol udp max-connections 200
# Configure connection limit rule 3 to limit IP connections sourced from the segment 1.1.1.0/24 with the
upper connection limit of 200.
[Sysname-connection-limit-policy-0] limit 3 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source
# Configure connection limit rule 4 to limit IP connections destined to the segment 2.2.2.0/24 with the
upper connection limit of 200.
[Sysname-connection-limit-policy-0] limit 4 destination ip 2.2.2.0 24 protocol ip max-connections 200 per-destination
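
The following Python sketch is an added illustration, not part of the HP reference and not device code. It models the ascending rule-ID match order described above to show why a broad rule given a lower ID than a narrow one keeps the narrow rule from ever matching. It assumes that the first matching rule is the one applied and that protocol ip covers TCP and UDP; it ignores the per-source and per-destination modifiers, and all function names are hypothetical.

```python
import ipaddress

# Constructed rule sets: (rule ID, source prefix, protocol, max-connections).
# RECOMMENDED mirrors rules 1 and 3 from the examples above; MISORDERED swaps their IDs.
RECOMMENDED = [(1, "1.1.1.1/32", "tcp", 200), (3, "1.1.1.0/24", "ip", 200)]
MISORDERED = [(1, "1.1.1.0/24", "ip", 200), (3, "1.1.1.1/32", "tcp", 200)]


def covers(rule_proto, proto):
    """Assumption: a rule for protocol 'ip' matches any IP-based protocol."""
    return rule_proto == "ip" or rule_proto == proto


def matching_rule(rules, src, proto):
    """Return the ID of the first rule, in ascending ID order, that matches."""
    addr = ipaddress.ip_address(src)
    for rule_id, prefix, rule_proto, _limit in sorted(rules):
        if addr in ipaddress.ip_network(prefix) and covers(rule_proto, proto):
            return rule_id
    return None


def shadowed_rules(rules):
    """Return IDs of rules fully covered by a rule with a lower ID."""
    ordered = sorted(rules)
    shadowed = []
    for i, (rule_id, prefix, proto, _limit) in enumerate(ordered):
        net = ipaddress.ip_network(prefix)
        for _eid, e_prefix, e_proto, _elimit in ordered[:i]:
            if net.subnet_of(ipaddress.ip_network(e_prefix)) and covers(e_proto, proto):
                shadowed.append(rule_id)
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in (("recommended", RECOMMENDED), ("misordered", MISORDERED)):
        hit = matching_rule(rules, "1.1.1.1", "tcp")
        print(f"{name}: TCP from 1.1.1.1 hits rule {hit}; "
              f"unreachable rules: {shadowed_rules(rules)}")
```

Running a check like this over a planned rule list before assigning IDs shows which rules would never be reached under that ordering.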