TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

1-51

Overview

Firewall

Table 1-6. Connection Limit Terminology

Reservation Process

The TMS zl Module invokes the connection reservation policy under the

following circumstances:

■ The per-zone connection limit that corresponds to the traffic has been

reached.

■ The number of total active connections in the system has reached the total

active connections threshold.

When this threshold has been reached, non-reserved IP addresses cannot

make any connections even if their zone limits have not been reached.

Only the reserved IP addresses can make connections.

For a definition of the total active connection threshold see Table 1-6.

Term Meaning Maximum Value Default Value Example

Per-zone connection

limit

The total number of

connections that can

originate from a zone

600,000 • External = 150,000

• Internal = 150,000

• DMZ = 150,000

• Self = 21,428

• Zone1–Zone6 =

21,428

• External = 10,000

• Internal = 10,000

• Zone1 = 7,000

• Zone2 = 5,000

• Self = 3,000

• Zone3–Zone6 = 0

Global maximum

connections

The sum of all per-zone

connection limits

600,000 599,996 35,000

Reservation

connection count

The number of

connections reserved

for each IP address

specified in the

reservation

1500 per IP address

per connection

reservation

0 • 20 outbound for

each address

between 10.1.1.1

and 10.1.1.40

• 60 inbound for each

address between

10.1.2.1 and

10.1.1.20

Total reserved

connection count

The total number of

connections reserved

for traffic to or from

specified IP addresses

600,000 0 2000

Total active connec-

tion threshold

The number of global

maximum connections

minus the total

reserved connection

count

600,000 599,996 33,000