H3C Technologies H3C SecPath F1000-E User Manual

107

Figure 107 Connection limit policies

3.

Click Add to add an entry as required.

4.

Configure the necessary parameters as described in

Table 42

, and click to buffer your

configuration.

5.

Click Apply to make your settings into effect.

Table 42 Configuration items

Item Description

Source IP

Specify the source IP address, mask, and VPN.

•

If you specify neither source IP address nor mask, the configuration limits the

number of connections from all hosts in the source network.

•

If you do not specify any source VPN, the configuration limits the number of

connections from the host or network segment on the public network.

Source Mask

Source VPN

Destination IP

Specify the destination IP address, mask, and VPN.

•

If you specify neither destination IP address nor mask, the configuration limits the

number of connections to all hosts in the destination network.

•

If you do not specify any destination VPN, the configuration limits the number of
connections to the host or network segment on the public network.

Destination Mask

Destination VPN

Protocol

Select the protocol type for connection limit.

Max Connections

Type the maximum number of allowed connections.

Limit By

Select the criterion for connection limit:

•

Source—Limits the number of connections based on source IP address.

•

Destination—Limits the number of connections based on destination IP address.

•

Source-destination—Limits the number of connections based on source IP

address and destination IP address.

•

Subnet—Limits the total number of connections through the firewall.

NOTE:
•

A connection limit policy cannot have the same source network segment, destination network segment,
or protocol as another policy.

•

A later configured policy is first used for matching the connection requests and applies to limit the
connections if matched. Therefore, when you configure multiple connection limit policies, configure the

ones with a smaller granularity later.