HP VPN Firewall Appliances Access Control Configuration Guide
Configuring connection limits
Overview
If a client in an internal network initiates a large number of connections to the external network through
the device, the system resources of the device might be exhausted, and other users might be unable to
access network resources correctly. In addition, if an internal server receives a large number of connection
requests from a client in a short time, the server might not be able to process them in time and might be
unable to handle connection requests from other clients.
To protect internal network resources (hosts or servers) and ensure proper allocation of the system
resources of the device, you can configure connection limit policies on the device, based on the following
criteria:
• Source IP address—Limits the number of connections from a specified host or network segment in
the internal network to the external network.
• Destination IP address—Limits the number of connections from hosts or network segments in the
external network to a specified internal server.
• Source IP address and destination IP address—Limits the number of connections from a specified
host or network segment in the internal network to a specified host or network segment in the
external network.
• Subnet—Limits the total number of connections through the device.
Configuring connection limit policies in the Web interface
Any two connection limit policies must differ in at least one of the following settings: source network
segment, destination network segment, or protocol.
The device matches connection requests against the most recently configured policy first, and the first
policy that matches is the one used to limit the connections. Therefore, when you configure multiple
connection limit policies, configure the ones with smaller (finer) granularity later.
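The matching order described above can be checked offline before policies are entered on the device. The following Python model is an added example, not code from this guide or from the device: it applies the last-configured-first rule and reports policies that can never match because a broader policy was configured after them. The Policy fields, the max_conns limit, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:              # hypothetical model, not the device's own schema
    name: str
    src: str               # source network segment (CIDR)
    dst: str               # destination network segment (CIDR)
    proto: str             # "tcp", "udp", or "any"
    max_conns: int         # assumed upper connection limit

    def key(self):
        return (ip_network(self.src), ip_network(self.dst), self.proto)

    def matches(self, src, dst, proto):
        s, d, p = self.key()
        return ip_address(src) in s and ip_address(dst) in d and p in ("any", proto)

    def covers(self, other):
        """True if every connection matching `other` also matches self."""
        s, d, p = self.key()
        o_src, o_dst, o_proto = other.key()
        return o_src.subnet_of(s) and o_dst.subnet_of(d) and p in ("any", o_proto)

def validate(policies):
    """Any two policies must differ in source, destination, or protocol."""
    keys = [p.key() for p in policies]
    return len(keys) == len(set(keys))

def effective(policies, src, dst, proto):
    """`policies` is in configuration order; the latest one is tried first."""
    for p in reversed(policies):
        if p.matches(src, dst, proto):
            return p
    return None

def shadowed(policies):
    """Names of policies that never match because a later policy covers them."""
    return [p.name for i, p in enumerate(policies)
            if any(q.covers(p) for q in policies[i + 1:])]

# Constructed sample policies (private and documentation address ranges).
broad = Policy("lan-any", "192.168.0.0/16", "0.0.0.0/0", "any", 2000)
host = Policy("host-tcp", "192.168.1.10/32", "0.0.0.0/0", "tcp", 50)
good_order = [broad, host]   # finer policy configured later, as recommended
bad_order = [host, broad]    # finer policy configured first, so it is shadowed
```

With bad_order, the host-specific limit of 50 is never applied: every connection from 192.168.1.10 is matched by the broader policy first.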
To configure connection limit policies:
1. Select Firewall > Session Table > Connection Limit from the navigation tree.
By default, connection limit is disabled.
Figure 111 Enabling connection limit
2. Click the Enable Connection Limit box to display the connection limit policy list.