HP VPN Firewall Appliances Access Control Configuration Guide
Configuring connection limit policies at the CLI
Connection limit configuration task list
Tasks | Remarks
• Creating a connection limit policy | Required.
• Configuring the connection limit policy | Required.
• Applying the connection limit policy | Required.
Creating a connection limit policy
A connection limit policy is a set of connection limit rules that define the valid range and parameters for
the policy.
To create a connection limit policy:
Step | Command
1. Enter system view. | system-view
2. Create a connection limit policy and enter its view. | connection-limit policy policy-number
Configuring the connection limit policy
A connection limit policy contains one or more connection limit rules, each specifying an object or range
for the limit. A user connection that matches a rule is limited based on the parameters in the rule. For user
connections not matching any connection limit rule, the device does not limit them.
An IP address-based connection limit rule allows you to limit the number of connections from a specific
source IP address to a specific destination IP address.
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules for
a policy, carefully check the rules and their order. HP recommends arranging the rules in ascending
order of scale and range.
An IP address-based connection limit rule can be of any of the following types:
• Source-to-destination—Limits connections from a specific internal host or segment to a specific
external host or segment.
• Source-to-any—Limits connections from a specific internal host or segment to external networks.
• Any-to-destination—Limits connections from external networks to a specific internal server.
• Any-to-any—Limits the total number of connections passing through the device.
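The following Python sketch is an added example, not part of the HP guide and not device CLI syntax. It models the matching order described above, assuming that the first matching rule applies and later rules are not evaluated, and reports rules that a broader rule with a lower ID makes unreachable. The Rule fields, the addresses and the limits are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: ipaddress.IPv4Network   # 0.0.0.0/0 models the "any" side of a rule
    dst: ipaddress.IPv4Network
    max_conns: int               # hypothetical upper limit for the rule

def rule(rule_id, src, dst, max_conns):
    return Rule(rule_id, ipaddress.ip_network(src), ipaddress.ip_network(dst), max_conns)

def match(rules, src_ip, dst_ip):
    """Return the first rule (ascending rule ID) covering the connection, or None (not limited)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules, key=lambda r: r.rule_id):
        if s in r.src and d in r.dst:
            return r
    return None

def shadowed(rules):
    """Return (shadowed_id, shadowing_id) pairs: a lower-ID rule fully covers a higher-ID rule."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst):
                pairs.append((later.rule_id, earlier.rule_id))
                break
    return pairs

# Constructed sample policies (documentation address ranges, made-up limits).
BROAD_FIRST = [
    rule(0, "0.0.0.0/0", "0.0.0.0/0", 100000),       # any-to-any
    rule(1, "0.0.0.0/0", "192.0.2.10/32", 500),      # any-to-destination (server)
    rule(2, "198.51.100.0/24", "0.0.0.0/0", 2000),   # source-to-any
]
NARROW_FIRST = [
    rule(0, "0.0.0.0/0", "192.0.2.10/32", 500),
    rule(1, "198.51.100.0/24", "0.0.0.0/0", 2000),
    rule(2, "0.0.0.0/0", "0.0.0.0/0", 100000),
]

if __name__ == "__main__":
    for name, policy in (("broad first", BROAD_FIRST), ("narrow first", NARROW_FIRST)):
        hit = match(policy, "203.0.113.7", "192.0.2.10")
        print(name, "-> rule", hit.rule_id, "limit", hit.max_conns, "shadowed:", shadowed(policy))
```

With the any-to-any rule at the lowest ID, the server's own limit of 500 is never reached by the matcher; placing the narrower rules first restores it.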
To configure an IP address-based connection limit rule:
Step | Command
1. Enter system view. | system-view
2. Enter connection limit policy view. | connection-limit policy policy-number