R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

Configuring an IP address-based connection limit rule
An IP address-based connection limit rule allows you to limit the number of connections from a specified
source IP address to a specified destination IP address.
The limit rules in a policy are matched in ascending order of rule ID. When configuring connection limit rules for a policy, check the rules and their order carefully. HP recommends arranging the rules in ascending order of granularity and range, so that the most specific rules get the lowest IDs and are matched before broader rules that would otherwise shadow them.
An IP address-based connection limit rule can be of any of these types:
- Source-to-destination: Limits connections from a specific internal host or segment to a specific external host or segment.
- Source-to-any: Limits connections from a specific internal host or segment to external networks.
- Any-to-destination: Limits connections from external networks to a specific internal server.
- Any-to-any: Limits the total number of connections passing through the device.
Follow these steps to configure an IP address-based connection limit rule:

1. Enter system view.
   Use the command: system-view

2. Enter connection limit policy view.
   Use the command: connection-limit policy policy-number

3. Configure an IP address-based connection limit rule.
   Use the command: limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
   Remarks: Required
Applying the connection limit policy
To make a connection limit policy take effect, apply it globally.
Follow these steps to apply a connection limit policy:

1. Enter system view.
   Use the command: system-view

2. Apply a connection limit policy.
   Use the command: connection-limit apply policy policy-number
   Remarks: Required
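The following console session is an added example and is not taken from the HP guide. It builds one policy containing a rule of each of the four types listed above, ordered from most to least specific so that the ascending rule-ID match order does what the recommendation above intends, applies the policy globally, and then verifies it with the display command from the next section. The device name, the view prompts, policy number 1, the addresses and the connection counts are all assumed for illustration; lines beginning with # are annotations, not commands typed on the device.

```text
<Device> system-view
[Device] connection-limit policy 1
# Rule 1, source-to-destination: the most specific rule gets the lowest ID so it is matched first.
# Each source address in 10.1.1.0/24 may hold at most 200 TCP connections to server 192.0.2.10.
[Device-connlmt-policy-1] limit 1 source ip 10.1.1.0 24 destination ip 192.0.2.10 32 protocol tcp max-connections 200 per-source
# Rule 2, source-to-any: each source address in 10.1.1.0/24 may hold at most 500 IP connections to any destination.
[Device-connlmt-policy-1] limit 2 source ip 10.1.1.0 24 destination ip any protocol ip max-connections 500 per-source
# Rule 3, any-to-destination: server 192.0.2.10 may receive at most 1000 HTTP connections from external networks.
[Device-connlmt-policy-1] limit 3 source ip any destination ip 192.0.2.10 32 protocol http max-connections 1000 per-destination
# Rule 4, any-to-any: the broadest rule gets the highest ID; a ceiling of 50000 IP connections through the device.
[Device-connlmt-policy-1] limit 4 source ip any destination ip any protocol ip max-connections 50000
[Device-connlmt-policy-1] quit
# The policy has no effect until it is applied globally.
[Device] connection-limit apply policy 1
# Verify the rules and their order.
[Device] display connection-limit policy 1
```

The order is the point of the example: because rules are matched in ascending order of rule ID, giving the any-to-any rule the lowest ID would make every flow match it first, and the tighter per-host and per-server limits in the other rules would never be reached.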
Displaying and maintaining connection limiting
To do: Display information about one or all connection limit policies
Use the command: display connection-limit policy { policy-number | all }
Remarks: Available in any view