Set Connection Rate Limits

To improve network security, you can set a connection rate limit on a policy so that it processes only a specified number of connections per second. If additional connections are attempted, the traffic is denied and a log message is generated.

You can also configure the policy to generate an alarm when the connection rate limit is exceeded. You can configure the alarm to make the Firebox send an event notification to the SNMP management system, or to send a notification as an email message or a pop-up window on the management computer.

To configure connection rate limits, from Fireware Web UI:

  1. Select Firewall > Firewall Policies or Firewall > Mobile VPN IPSec Policies.
    The Policies page appears.
  2. In the Policy Name column, click the name of the policy to edit.
  3. Select the Advanced tab.
  4. Select the Specify Connection Rate check box.
  5. In the adjacent text box, type or select the maximum number of connections that this policy can process each second.

[Screenshot: policy configuration, Advanced tab, connection rate]

  6. To set the notification parameters, select the Settings tab, and specify the notification settings as described in Set Logging and Notification Preferences.
  7. Click Save.

To configure connection rate limits, from Policy Manager:

  1. Double-click a policy to edit it.
    The Edit Policy Properties dialog box appears.
  2. Select the Advanced tab.
  3. From the Connection Rate drop-down list, select the maximum number of connections that this policy can process each second.
    The default setting puts no limits on the connection rate.

[Screenshot: policy configuration, Advanced tab, connection rate]

  4. To receive a notification when the connection rate is exceeded, select the Alarm when capacity exceeded check box.
  5. To set the notification parameters, click Notification and specify the notification settings as described in Set Logging and Notification Preferences.
  6. Click OK.
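Before you choose a value for the connection rate, you can replay recorded connection start times against candidate limits to see how much traffic each limit would deny. The following Python code is an added example, not WatchGuard code; it assumes connections are counted in fixed one-second windows (this topic does not describe how the Firebox counts them), and the function names and sample timestamps are constructed for illustration.

```python
import math
from collections import Counter

def replay(timestamps, limit):
    """Replay connection start times (in seconds) against a per-second limit.

    Assumption: fixed one-second counting windows. Connections beyond
    `limit` in a window are treated as denied, as the topic describes.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1 connection per second")
    per_second = Counter(math.floor(ts) for ts in timestamps)
    denied = sum(max(0, n - limit) for n in per_second.values())
    return {
        "allowed": len(timestamps) - denied,
        "denied": denied,
        # Seconds in which the limit was exceeded (an alarm would be due).
        "seconds_over_limit": sorted(s for s, n in per_second.items() if n > limit),
        "peak": max(per_second.values(), default=0),
    }

def compare(timestamps, candidate_limits):
    """Map each candidate limit to the number of connections it would deny."""
    return {limit: replay(timestamps, limit)["denied"] for limit in candidate_limits}

# Constructed sample: 3 connections per second for 10 seconds,
# plus a burst of 40 extra connections during second 5.
SAMPLE = [s + i / 10 for s in range(10) for i in range(3)]
SAMPLE += [5 + i / 50 for i in range(40)]

if __name__ == "__main__":
    print(replay(SAMPLE, 10))
    for limit, denied in compare(SAMPLE, [2, 3, 10, 50]).items():
        print(f"limit={limit:>3}/s  denied={denied}")
```

A limit below the normal baseline (2 per second in the sample) denies legitimate traffic in every second, while a limit just above it (10 per second) denies only the burst.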

Related Topics

About Traffic Management and QoS