R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

NOTE:
A connection limit policy cannot have the same source network segment, destination network segment,
or protocol as another policy.
A later configured policy is first used for matching the connection requests and applies to limit the
connections if matched. Therefore, when you configure multiple connection limit policies, configure the
ones with a smaller granularity later.
Configuring connection limit at the CLI
Connection limit configuration task list
Complete the following tasks to configure connection limiting:
Task                                                       Remarks
Creating a connection limit policy                         Required
Configuring the connection limit policy:
  Configuring an IP address-based connection limit rule    Required
Applying the connection limit policy                       Required
Creating a connection limit policy
A connection limit policy comprises a set of connection limit rules, which define the valid range and
parameters for the policy.
To create a connection limit policy:
Step                                                       Command
1. Enter system view.                                      system-view
2. Create a connection limit policy and enter its view.    connection-limit policy policy-number
Configuring the connection limit policy
A connection limit policy can contain multiple connection limit rules. Each rule defines an object or range
to limit the connections that match the rule. For a connection that does not match the rule, the device
allows the traffic through the connection to pass. The device only supports IP address-based connection
limit rules.
Configuring an IP address-based connection limit rule
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules for
a policy, check the rules and their order carefully. HP recommends arranging the rules in ascending order
of granularity and range.
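The ordering advice above can be checked offline before rules are entered on the device. The following Python sketch is an added example, not HP code and not taken from the guide: it assumes evaluation stops at the first matching rule and that protocol "ip" means any protocol, and it uses constructed rules with hypothetical limit values to flag a rule that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str        # source network segment (CIDR)
    dst: str        # destination network segment (CIDR)
    proto: str      # assumption: "ip" stands for any protocol
    max_conns: int  # hypothetical limit value, for illustration only

def _net(cidr):
    return ipaddress.ip_network(cidr)

def covers(broad, narrow):
    """True if every connection matching `narrow` also matches `broad`."""
    return (_net(narrow.src).subnet_of(_net(broad.src))
            and _net(narrow.dst).subnet_of(_net(broad.dst))
            and broad.proto in ("ip", narrow.proto))

def first_match(rules, src_ip, dst_ip, proto):
    """Rule that limits this connection, or None (traffic passes unlimited)."""
    for r in sorted(rules, key=lambda r: r.rule_id):  # ascending rule ID
        if (ipaddress.ip_address(src_ip) in _net(r.src)
                and ipaddress.ip_address(dst_ip) in _net(r.dst)
                and r.proto in ("ip", proto)):
            return r  # assumption: evaluation stops at the first match
    return None

def shadowed(rules):
    """(earlier_id, later_id) pairs where the later rule can never match."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    return [(a.rule_id, b.rule_id)
            for i, a in enumerate(ordered)
            for b in ordered[i + 1:] if covers(a, b)]

# Constructed sample rules: a broad per-site limit and a tight limit for one subnet.
BROAD_FIRST = [Rule(0, "10.0.0.0/8", ANY, "ip", 10000),
               Rule(1, "10.1.1.0/24", ANY, "tcp", 200)]
NARROW_FIRST = [Rule(0, "10.1.1.0/24", ANY, "tcp", 200),
                Rule(1, "10.0.0.0/8", ANY, "ip", 10000)]

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("narrow first", NARROW_FIRST)):
        hit = first_match(rules, "10.1.1.5", "192.0.2.10", "tcp")
        print(name, "-> rule", hit.rule_id, "limit", hit.max_conns,
              "shadowed:", shadowed(rules))
```

With the broad rule first, the subnet's tighter limit is never applied; with the narrow rule first, both rules remain reachable.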
To configure an IP address-based connection limit rule:
Step                                                       Command
1. Enter system view.                                      system-view