HP VPN Firewall Appliances Access Control Configuration Guide
Troubleshooting connection limiting
Symptom
On the Firewall, create a connection limit policy and configure two rules for the policy. One limits each host on segment 192.168.0.0/24 to an upper limit of 10 connections, and the other limits the host 192.168.0.100 to an upper limit of 100 connections.
<Firewall> system-view
[Firewall] connection-limit policy 0
[Firewall-connection-limit-policy-0] limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 10 per-source
[Firewall-connection-limit-policy-0] limit 1 source ip 192.168.0.100 32 destination ip any protocol ip max-connections 100 per-source
With this configuration, the host at 192.168.0.100 can initiate only up to 10 connections to the external network instead of the intended 100.
Analysis
Both rules, limit 0 and limit 1, match the IP address 192.168.0.100, and the rule with the smaller ID is matched first. As a result, limit 0 (maximum 10 connections) is applied to connections from 192.168.0.100, and limit 1 is never reached for that host.
Solution
Rearrange the two connection limit rules by exchanging their rule IDs so that the more specific rule for the host 192.168.0.100 has the smaller ID and is matched first.
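The following added example (not part of the HP guide, and not the firewall's own code) models the first-match rule evaluation described above and adds a shadowing check a practitioner can run over a policy before deploying it. It assumes the simplified semantics stated in the Analysis: rules are tried in ascending rule ID order and the first rule whose source range contains the host wins; the two policy listings are constructed from the Symptom and Solution sections.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class LimitRule:
    rule_id: int
    source: ipaddress.IPv4Network
    max_connections: int


def parse_limit(line: str) -> LimitRule:
    """Parse one 'limit <id> source ip <addr> <prefix-len> ... max-connections <n> ...' line."""
    tok = line.split()
    rule_id = int(tok[tok.index("limit") + 1])
    i = tok.index("source")
    net = ipaddress.ip_network(f"{tok[i + 2]}/{tok[i + 3]}", strict=False)
    max_conn = int(tok[tok.index("max-connections") + 1])
    return LimitRule(rule_id, net, max_conn)


def effective_limit(rules, host: str):
    """First match wins: rules are tried in ascending rule ID order (assumed model)."""
    addr = ipaddress.ip_address(host)
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if addr in rule.source:
            return rule
    return None  # no rule applies to this host


def shadowed_rules(rules):
    """Rules whose source range is fully covered by a lower-ID rule; they can never match."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    return [r for i, r in enumerate(ordered)
            if any(r.source.subnet_of(earlier.source) for earlier in ordered[:i])]


# Constructed policy listings: the misordered one from the Symptom and the fixed one from the Solution.
SYMPTOM_POLICY = [
    "limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 10 per-source",
    "limit 1 source ip 192.168.0.100 32 destination ip any protocol ip max-connections 100 per-source",
]
FIXED_POLICY = [
    "limit 0 source ip 192.168.0.100 32 destination ip any protocol ip max-connections 100 per-source",
    "limit 1 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 10 per-source",
]

if __name__ == "__main__":
    for name, policy in (("symptom", SYMPTOM_POLICY), ("fixed", FIXED_POLICY)):
        rules = [parse_limit(line) for line in policy]
        hit = effective_limit(rules, "192.168.0.100")
        print(name, "-> 192.168.0.100 gets limit", hit.rule_id, "max", hit.max_connections,
              "| shadowed rule IDs:", [r.rule_id for r in shadowed_rules(rules)])
```

Running it reports that the symptom policy applies rule 0 (10 connections) to 192.168.0.100 and flags rule 1 as shadowed, while the fixed policy applies rule 0 (100 connections) and has no shadowed rules.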