D-Link DFL-260-IPS-12 Product Manual - Page 470
Chapter 10. Traffic Management

10.3. Threshold Rules

10.3.1. Overview

The objective of a Threshold Rule is to provide a means of detecting abnormal connection activity as well as reacting to it. An example of a cause for such abnormal activity might be an internal host becoming infected with a virus that is making repeated connections to external IP addresses. It might alternatively be some external source trying to open excessive numbers of connections. (A "connection" in this context refers to all types of connections, such as TCP, UDP or ICMP, tracked by the NetDefendOS state-engine).

Note: Threshold Rules are not available on all NetDefend models

The Threshold Rules feature is only available on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G.

Threshold Policies

A Threshold Rule is like other policy-based rules found in NetDefendOS: a combination of source/destination network/interface can be specified for a rule, and a type of service such as HTTP can be associated with it. Each rule can have associated with it one or more Actions which specify how to handle different threshold conditions.

A Threshold Rule has the following parameters associated with it:

• Action
  This is the response of the rule when the limit is exceeded. Either the option Audit or Protect can be selected.

• Group By
  The rule can be either Host or Network based.

• Threshold
  This is the numerical limit which must be exceeded for the action to be triggered.

• Threshold Type
  The rule can be specified to either limit the number of connections per second or limit the total number of concurrent connections.

These parameters are described below:

10.3.2. Limiting the Connection Rate/Total Connections

Limiting the Connection Rate

Connection Rate Limiting allows an administrator to put a limit on the number of new connections being opened to the NetDefend Firewall per second.

Limiting the Total Connections

Total Connection Limiting allows the administrator to put a limit on the total number of connections opened to the NetDefend Firewall.
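The following Python model is an added example, not D-Link code or NetDefendOS configuration. It evaluates the two Threshold Types described above over a constructed connection log, grouped by source host, to show that a burst of short-lived connections exceeds a rate threshold while slowly accumulating connections exceed only a total threshold. The event format, the one-second sliding window and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (time_in_seconds, "open" | "close", source_host).
# These are illustrative values, not real firewall output.
EVENTS = (
    # Host A: 8 connections opened within 0.7 s, each closed 0.05 s later.
    [(0.1 * i, "open", "192.0.2.10") for i in range(8)]
    + [(0.1 * i + 0.05, "close", "192.0.2.10") for i in range(8)]
    # Host B: one connection opened per second, never closed.
    + [(float(i), "open", "192.0.2.20") for i in range(6)]
)


def evaluate(events, threshold, threshold_type):
    """Return [(time, host)] for every new connection that exceeds the threshold.

    threshold_type "rate"  -> new connections per second (sliding 1 s window,
                              an assumption of this model)
    threshold_type "total" -> concurrent open connections
    Counters are kept per source host (a Host-based "Group By").
    """
    if threshold_type not in ("rate", "total"):
        raise ValueError("threshold_type must be 'rate' or 'total'")
    recent_opens = defaultdict(list)  # host -> open times within the last second
    open_count = defaultdict(int)     # host -> currently open connections
    hits = []
    for t, kind, host in sorted(events):
        if kind == "close":
            open_count[host] = max(0, open_count[host] - 1)
            continue
        open_count[host] += 1
        recent_opens[host] = [x for x in recent_opens[host] if t - x < 1.0] + [t]
        value = len(recent_opens[host]) if threshold_type == "rate" else open_count[host]
        if value > threshold:         # the limit must be exceeded, not merely reached
            hits.append((round(t, 2), host))
    return hits


def offending_hosts(events, threshold, threshold_type):
    """Hosts that exceeded the threshold at least once."""
    return sorted({host for _, host in evaluate(events, threshold, threshold_type)})


if __name__ == "__main__":
    for ttype in ("rate", "total"):
        print(ttype, offending_hosts(EVENTS, 5, ttype))
```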