Configuring connection limit, Figure 8 – H3C Technologies H3C SecPath F1000-E User Manual
Page 628
8
Figure 8 Add a SYN flood detection rule
describes the configuration items.
Table 4 SYN flood detection configuration items
Item
Description
IP Address
Specify the IP address of the protected host.
Connection Rate
Threshold
Set the maximum TCP connection rate for the IP address.
Protected Host
Configuration
Half Connection
Count
Set the maximum number of the half-open TCP connections
that can be present for the IP address.
Connection Rate
Threshold
Set the global maximum TCP connection rate for each host in
the current security zone.
Global Configuration
of Security Zone
Half Connection
Count
Set the global maximum number of half-open TCP connections
that can be present for each host in the current security zone.
NOTE:
•
In a security zone, you can configure multiple protected hosts and one global connection rate
threshold.
•
For a host, the host-specific setting overrides the global setting of the security zone in case conflict
occurs.
Configuring Connection Limit
From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit
to enter the connection limit configuration page, as shown in
. You can select a security zone
and then view and configure the connection limit for the security zone.