Configuring connection limits, Connection limit configuration task list, Creating a connection limit policy – H3C Technologies H3C SecBlade LB Cards User Manual

Configuring connection limits

Connection limit configuration task list

Task                                       Remarks
Creating a connection limit policy         Required.
Configuring the connection limit policy    Required.
Applying the connection limit policy       Required.

Creating a connection limit policy

A connection limit policy is a set of connection limit rules that define the valid range and parameters for the policy.
To create a connection limit policy:

Step                                                      Command
1. Enter system view.                                     system-view
2. Create a connection limit policy and enter its view.   connection-limit policy policy-number

Configuring the connection limit policy

A connection limit policy contains one or more connection limit rules, each specifying an object or range for the limit. A user connection that matches a rule is limited based on the parameters in the rule. User connections that do not match any connection limit rule are neither counted nor limited.
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules for a policy, carefully check the rules and their order. H3C recommends arranging the rules in ascending order of scale and range.
A connection limit rule can be of any of the following types:

Source-to-destination—Limits connections from a specific internal host or segment to a specific external host or segment.

Source-to-any—Limits connections from a specific internal host or segment to external networks.

Any-to-destination—Limits connections from external networks to a specific internal server.

Any-to-any—Limits the total number of connections passing through the device.

To configure a connection limit rule:

Step                                      Command
1. Enter system view.                     system-view
2. Enter connection limit policy view.    connection-limit policy policy-number
3. Configure the connection limit rule.   limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
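
The advice to check rule order, given with the matching description above, can be verified before rules are entered on the device. The following Python model is an added example, not part of the H3C manual or of H3C software: it assumes that matching stops at the first rule that matches and that the ip keyword covers every other protocol keyword, and all rule IDs, addresses and limits in it are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    limit_id: int
    src: ipaddress.IPv4Network   # "any" is modelled as 0.0.0.0/0
    dst: ipaddress.IPv4Network
    protocol: str                # dns | http | ip | tcp | udp
    max_connections: int

def rule(limit_id, src, dst, protocol, max_connections):
    """Build a Rule from the keywords used in the limit command."""
    to_net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return Rule(limit_id, to_net(src), to_net(dst), protocol, max_connections)

def proto_covers(outer, inner):
    # Assumption: "ip" covers every protocol keyword; the others cover only themselves.
    return outer == "ip" or outer == inner

def first_match(rules, src_ip, dst_ip, protocol):
    """Rule that limits this connection, or None (not counted, not limited)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules, key=lambda r: r.limit_id):   # ascending rule ID
        if s in r.src and d in r.dst and proto_covers(r.protocol, protocol):
            return r                                    # assumption: first match wins
    return None

def shadowed(rules):
    """(later_id, earlier_id) pairs where the later rule can never be reached."""
    ordered = sorted(rules, key=lambda r: r.limit_id)
    return [(b.limit_id, a.limit_id)
            for i, b in enumerate(ordered) for a in ordered[:i]
            if b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and proto_covers(a.protocol, b.protocol)]

# Constructed policy: the any-to-any rule has the lowest ID and hides the others.
BROAD_FIRST = [
    rule(1, "any", "any", "ip", 100000),
    rule(2, "192.168.0.0/24", "any", "tcp", 200),
    rule(3, "any", "10.1.1.10/32", "http", 5000),
]
# The same rules renumbered from narrowest to broadest range.
NARROW_FIRST = [
    rule(1, "any", "10.1.1.10/32", "http", 5000),
    rule(2, "192.168.0.0/24", "any", "tcp", 200),
    rule(3, "any", "any", "ip", 100000),
]
```

shadowed(BROAD_FIRST) reports rules 2 and 3 as unreachable behind rule 1, so their tighter limits would never apply; shadowed(NARROW_FIRST) reports none.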
