R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

per-source: Limits connections by source IP address.
per-source-destination: Limits connections by source-destination IP address pair.
Description
Use limit to configure an IP address-based connection limit policy rule. Within a connection limit policy,
the criteria of each rule must be unique.
Use undo limit to remove a connection limit policy rule.
The connection limit rules become invalid when the VPN with which the rules are associated is
removed.
The connection limit rules in a policy are matched in ascending order of rule ID. Take the match order into
consideration when assigning rule IDs. HP recommends that you arrange the rules by limit granularity
and limit range in ascending order.
Related commands: connection-limit policy and display connection-limit policy.
Examples
# Configure connection limit rule 1 for policy 1 to limit the maximum number of TCP connections sourced
from 1.1.1.1.
<Sysname> system-view
[Sysname] connection-limit policy 0
[Sysname-connection-limit-policy-0] limit 1 source ip 1.1.1.1 32 protocol tcp max-connections 200
# Configure connection limit rule 2 to limit the maximum number of UDP connections destined to 2.2.2.2.
[Sysname-connection-limit-policy-0] limit 2 destination ip 2.2.2.2 32 protocol udp max-connections 200
# Configure connection limit rule 3 to limit the maximum number of IP connections sourced from each
host on the segment 1.1.1.0/24.
[Sysname-connection-limit-policy-0] limit 3 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source
# Configure connection limit rule 4 to limit the maximum number of IP connections destined to each host
on the segment 2.2.2.0/24.
[Sysname-connection-limit-policy-0] limit 4 destination ip 2.2.2.0 24 protocol ip max-connections 200 per-destination
# Configure connection limit rule 5 to limit the maximum number of IP connections from vpn1 to vpn2.
[Sysname-connection-limit-policy-0] limit 5 source ip any source-vpn vpn1 destination ip any destination-vpn vpn2 protocol ip max-connections 200
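
The match-order note in the Description can be checked mechanically before a policy is applied. The following Python sketch is an added example, not HP code: it parses limit lines in the syntax shown above and reports rules that a lower-numbered, broader rule would always match first. It assumes evaluation stops at the first matching rule and that protocol ip also matches TCP and UDP; the two rule sets are constructed samples, and VPN keywords are ignored.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule sets in the `limit` syntax shown above (values are illustrative).
MISORDERED = """
limit 1 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source
limit 2 source ip 1.1.1.1 32 protocol tcp max-connections 50
limit 3 destination ip 2.2.2.2 32 protocol udp max-connections 200
"""
REORDERED = """
limit 1 source ip 1.1.1.1 32 protocol tcp max-connections 50
limit 2 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source
limit 3 destination ip 2.2.2.2 32 protocol udp max-connections 200
"""

def parse_rule(line):
    """Parse one `limit` line; VPN keywords are ignored in this sketch."""
    rule = {"id": int(line.split()[1])}
    for side in ("source", "destination"):
        m = re.search(rf"\b{side} ip (any|(\S+) (\d+))", line)
        if m is None or m.group(1) == "any":
            rule[side] = ANY  # an omitted side is treated as "any" (assumption)
        else:
            rule[side] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
    rule["proto"] = re.search(r"\bprotocol (\S+)", line).group(1)
    return rule

def covers(earlier, later):
    """True if every connection matching `later` also matches `earlier`."""
    # Assumption: `protocol ip` matches TCP and UDP connections as well.
    return (earlier["proto"] in ("ip", later["proto"])
            and later["source"].subnet_of(earlier["source"])
            and later["destination"].subnet_of(earlier["destination"]))

def find_shadowed(config):
    """Return (shadowed_id, shadowing_id) pairs under first-match, ascending-ID evaluation."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("limit ")]
    rules = sorted(map(parse_rule, lines), key=lambda r: r["id"])
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                pairs.append((later["id"], earlier["id"]))
                break
    return pairs

if __name__ == "__main__":
    print("mis-ordered:", find_shadowed(MISORDERED))
    print("reordered:  ", find_shadowed(REORDERED))
```

In the mis-ordered set the per-host TCP limit of 50 never takes effect because the /24 rule with the lower ID matches the same traffic first; placing the narrower rule at the lower ID, as recommended above, removes the shadowing.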