Configuring connection limits, Overview, Configuring connection limit in the web interface – H3C Technologies H3C SecPath F1000-E User Manual

106

Configuring connection limits

Overview

If a client in an internal network initiates a large number of connections to the external network through

the firewall, the system resources of the firewall might be used up, and other users cannot access the
network resources normally. In addition, if an internal server receives a large number of connection

requests from a client in a short time, the server might not be able to process them in time and cannot

handle the connection requests from other clients.
To protect internal network resources (hosts or servers) and ensure proper allocation of the system
resources of the firewall, you can configure connection limit policies on the firewall, based on the

following criteria:

•

Source IP address: Limits the number of connections from a specified host or network segment in the
internal network to the external network.

•

Destination IP address: Limits the number of connections from hosts or network segments in the
external network to a specified internal server.

•

Source IP address and destination IP address: Limits the number of connections from a specified
host or network segment in the internal network to a specified host or network segment in the

external network.

•

Subnet: Limits the total number of connections through the firewall.

Configuring connection limit in the Web interface

1.

Select Firewall > Session Table > Connection Limit from the navigation tree.
By default, connection limit is disabled.

Figure 106 Enabling connection limit

2.

Click the Enable Connection Limit box to display the connection limit policy list.