Connection limit, Connection limit overview, Configuring connection limit – H3C Technologies H3C SecPath F1000-E User Manual
Connection Limit
Connection Limit Overview
If a client in an internal network initiates a large number of connections to the external network through
the device, the system resources of the device may be used up, and other users cannot access the
network resources normally. In addition, if an internal server receives a large number of connection
requests from a client in a short time, the server may not be able to process them in time and cannot
handle the connection requests from other clients.
To protect internal network resources (hosts or servers) and ensure proper allocation of the system
resources of the device, you can configure connection limit policies on the device, based on the
following criteria:
• Source IP address – Limits the number of connections from a specified host or network segment in the
internal network to the external network.
• Destination IP address – Limits the number of connections from hosts or network segments in the
external network to a specified internal server.
• Source IP address and destination IP address – Limits the number of connections from a specified
host or network segment in the internal network to a specified host or network segment in the
external network.
• Subnet – Limits the total number of connections through the device.
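The four criteria above, modelled as an added Python example; it is not H3C's code or configuration syntax. It assumes each policy keeps one aggregate counter and that a connection must pass every policy it matches, neither of which this page states. Policy names and addresses are constructed.

```python
import ipaddress
from collections import Counter

ANY = ipaddress.ip_network("0.0.0.0/0")

class ConnectionLimiter:
    """Toy model of the policy criteria above; not H3C's implementation."""
    def __init__(self):
        self.policies = []       # (name, src_net, dst_net, max_connections)
        self.active = Counter()  # policy name -> connections currently counted
        self.sessions = {}       # session id -> policies the session counts against

    def add_policy(self, name, max_connections, src=None, dst=None):
        # src only: source criterion; dst only: destination criterion;
        # both: source-and-destination; neither: total through the device.
        src_net = ipaddress.ip_network(src) if src else ANY
        dst_net = ipaddress.ip_network(dst) if dst else ANY
        self.policies.append((name, src_net, dst_net, max_connections))

    def admit(self, session_id, src, dst):
        """Return (allowed, names of policies that blocked the connection)."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        matched = [p for p in self.policies if s in p[1] and d in p[2]]
        blocked = [p[0] for p in matched if self.active[p[0]] >= p[3]]
        if blocked:
            return False, blocked  # a refused connection is not counted
        for p in matched:
            self.active[p[0]] += 1
        self.sessions[session_id] = [p[0] for p in matched]
        return True, []

    def release(self, session_id):
        for name in self.sessions.pop(session_id, []):
            self.active[name] -= 1

def demo():
    # Constructed sample policies and addresses (private/documentation ranges).
    fw = ConnectionLimiter()
    fw.add_policy("lan-out", 2, src="10.1.1.0/24")
    fw.add_policy("to-server", 2, dst="10.2.2.10/32")
    fw.add_policy("total", 4)
    out = [fw.admit(1, "10.1.1.5", "203.0.113.7"),
           fw.admit(2, "10.1.1.5", "203.0.113.8"),
           fw.admit(3, "10.1.1.6", "203.0.113.9"),      # lan-out is full
           fw.admit(4, "198.51.100.20", "10.2.2.10"),
           fw.admit(5, "198.51.100.21", "10.2.2.10"),
           fw.admit(6, "198.51.100.22", "10.2.2.10")]   # to-server and total full
    fw.release(1)                                        # frees a lan-out slot
    out.append(fw.admit(7, "10.1.1.6", "203.0.113.9"))
    return out
```

Calling `demo()` returns one `(allowed, blocking_policies)` pair per attempted connection, which shows how one busy client can exhaust a segment-wide limit for its neighbours under the aggregate-counter assumption.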
Configuring Connection Limit
After logging in to the web interface, select Firewall > Session Table > Connection Limit from
the navigation tree to enter the connection limit configuration page, as shown in
. By default,
connection limit is disabled.
Figure 18 Enable connection limit
Select the Enable Connection Limit checkbox to display the connection limit policy list, as shown in
. Click Add to add an entry as required, and click to save your configuration.