R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
Connection limit configuration
NOTE:
The firewall supports connection limit configuration only in the command line interface (CLI).
Connection limit overview
An internal user that initiates a large quantity of connections to external networks in a short period of time
occupies large amounts of system resources of the device, making other users unable to access network
resources normally. An internal server that receives large numbers of connection requests within a short
time cannot process them in time or accept other normal connection requests. To avoid such situations,
you can configure connection limit policies to collect statistics on and limit the number of connections.
Connection limit configuration task list
Complete the following tasks to configure connection limiting:
Task                                                    Remarks
Creating a connection limit policy                      Required
Configuring an IP address-based connection limit rule   Required
Applying the connection limit policy                    Required
Creating a connection limit policy
A connection limit policy consists of a set of connection limit rules, which define the valid range and
parameters for the policy.
Follow these steps to create a connection limit policy:
To do…                                                Use the command…                        Remarks
Enter system view                                     system-view                             —
Create a connection limit policy and enter its view   connection-limit policy policy-number   Required
Configuring the connection limit policy
A connection limit policy can contain one or multiple connection limit rules, each specifying an object or
range for the limit. A user connection matching a rule will be limited based on the parameters in the rule.
For user connections not specifically limited by any connection limit rule, the firewall forwards the data.
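The matching behaviour described above, modelled in Python as an added example (this is not HP's code and not firewall CLI). The per-source counting, first-match rule order, the "reject" verdict for over-limit connections and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class LimitRule:
    network: ipaddress.IPv4Network  # range the rule covers (assumed: matched on source IP)
    max_connections: int            # assumed parameter: concurrent connections per source

@dataclass
class ConnectionLimitPolicy:
    rules: list                                       # the policy is a set of rules
    active: Counter = field(default_factory=Counter)  # live connections per limited source

    def match(self, src):
        addr = ipaddress.ip_address(src)
        for rule in self.rules:                       # assumed: first matching rule wins
            if addr in rule.network:
                return rule
        return None

    def open(self, src):
        """Return the verdict for a new connection from src."""
        rule = self.match(src)
        if rule is None:
            return "forward"      # not limited by any rule: forwarded and not counted
        if self.active[src] >= rule.max_connections:
            return "reject"       # at the limit: this connection is limited
        self.active[src] += 1
        return "accept"

    def close(self, src):
        if self.active[src] > 0:  # a closed connection frees one slot
            self.active[src] -= 1

def simulate():
    # Constructed scenario: one rule limiting hosts in 192.168.0.0/24 to 3 connections each.
    policy = ConnectionLimitPolicy([LimitRule(ipaddress.ip_network("192.168.0.0/24"), 3)])
    verdicts = [policy.open("192.168.0.10") for _ in range(5)]  # one busy internal host
    verdicts.append(policy.open("192.168.0.20"))  # another host in range has its own count
    verdicts.append(policy.open("10.1.1.1"))      # matches no rule
    policy.close("192.168.0.10")
    verdicts.append(policy.open("192.168.0.10"))  # slot freed, so accepted again
    return verdicts

if __name__ == "__main__":
    print(simulate())
```
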