HP VPN Firewall Appliances Access Control Configuration Guide

Step 3. Configure an IP address-based connection limit rule.
Command: limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
Applying the connection limit policy
To make a connection limit policy take effect, apply it globally.
To apply a connection limit policy:
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Apply a connection limit policy.
Command: connection-limit apply policy policy-number
Remarks: Only one connection limit policy can be applied globally.
Displaying and maintaining connection limit policies
Task: Display information about one or all connection limit policies.
Command: display connection-limit policy { policy-number | all } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Connection limit configuration example
Network requirements
As shown in Figure 113, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The
internal network address is 192.168.0.0/16 and two servers are on the internal network. Perform NAT
configuration so that the internal users can access the Internet and external users can access the internal
servers, and configure connection limiting so that:
• Each host on segment 192.168.0.0/24 can establish up to 100 connections to the external network, and all the other hosts can establish as many connections as possible.
• Permit up to 10000 connections from the external network to the DNS server.
• Permit up to 10000 connections from the external network to the Web server.
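
The following Python model is an added illustration, not part of the HP guide and not device code. It shows how the per-source keyword gives each host on 192.168.0.0/24 its own budget of 100 connections, while a rule without a per-* keyword shares one budget of 10000 across all sources. Assumptions: the server address and external hosts are constructed (Figure 113 is not reproduced here), protocol matching is omitted, the first matching rule decides, a rule with no per-* keyword counts all matching connections together, and the class and function names are hypothetical.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

DNS_SERVER = "192.168.1.53"   # constructed; the real address is in Figure 113

@dataclass(frozen=True)
class LimitRule:
    src: str                  # "any" or "ip-address/mask-length"
    dst: str
    max_conn: int
    mode: str = "aggregate"   # hypothetical name for "no per-* keyword given"

    def matches(self, src, dst):
        def hit(spec, ip):
            return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
        return hit(self.src, src) and hit(self.dst, dst)

    def bucket(self, src, dst):
        # Which connections share one counter under each keyword.
        return {"per-source": (src,), "per-destination": (dst,),
                "per-source-destination": (src, dst)}.get(self.mode, ())

class Policy:
    def __init__(self, rules):
        self.rules, self.counts = rules, Counter()

    def admit(self, src, dst):
        # Assumption: the first matching rule decides; unmatched traffic is unlimited.
        for rule_id, rule in enumerate(self.rules):
            if rule.matches(src, dst):
                key = (rule_id,) + rule.bucket(src, dst)
                if self.counts[key] >= rule.max_conn:
                    return False
                self.counts[key] += 1
                return True
        return True

def demo():
    policy = Policy([
        LimitRule("192.168.0.0/24", "any", 100, "per-source"),
        LimitRule("any", DNS_SERVER + "/32", 10000),
    ])
    outside = "203.0.113.9"   # constructed external host
    host_a = sum(policy.admit("192.168.0.5", outside) for _ in range(150))
    host_b = sum(policy.admit("192.168.0.6", outside) for _ in range(150))
    other = sum(policy.admit("192.168.7.7", outside) for _ in range(150))
    to_dns = sum(policy.admit(f"198.51.100.{i % 200 + 1}", DNS_SERVER) for i in range(10050))
    return host_a, host_b, other, to_dns
```

Each limited host is cut off at 100 independently, the host outside 192.168.0.0/24 is not limited, and the 10000 budget for the DNS server is shared by all external sources.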