D-Link DFL-860E User Manual for DFL-260E - Page 511
Threshold Rules, Overview, Threshold Policies, Limiting the Connection Rate
View all D-Link DFL-860E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 511 highlights
10.3. Threshold Rules Chapter 10. Traffic Management 10.3. Threshold Rules Overview The objective of a Threshold Rule is to have a means of detecting abnormal connection activity as well as reacting to it. An example of a cause for such abnormal activity might be an internal host becoming infected with a virus that is making repeated connections to external IP addresses. It might alternatively be some external source trying to open excessive numbers of connections. (A "connection" in this context refers to all types of connections, such as TCP, UDP or ICMP, tracked by the NetDefendOS state-engine). Note: Threshold Rules are not available on all NetDefend models The Threshold Roles feature is only available on the D-Link NetDefend DFL-860E, 1660, 2560 and 2560G. Threshold Policies A Threshold Rule is like other policy based rules found in NetDefendOS, a combination of source/destination network/interface can be specified for a rule and a type of service such as HTTP can be associated with it. Each rule can have one or more Actions associated with it and these specify how to handle different threshold conditions. A Threshold Rule has the following parameters associated with it: • Action This is the response of the rule when the limit is exceeded. Either the option Audit or Protect can be selected. These options are explained in more detail below. • Group By The rule can be either Host or Network based. These options are explained below. • Threshold This is the numerical limit which must be exceeded for the action to be triggered. • Threshold Type The rule can be specified to either limit the number of connections per second or limit the total number of concurrent connections. Limiting the Connection Rate Connection Rate Limiting allows an administrator to put a limit on the number of new connections being opened to the NetDefend Firewall per second. Limiting the Total Connections Total Connection Limiting allows the administrator to put a limit on the total number of connections opened to the NetDefend Firewall. This function is extremely useful when NAT pools are required due to the large number of connections generated by P2P users. 511