10.3. Threshold Rules
Overview
The objective of a
Threshold Rule
is to have a means of detecting abnormal connection activity as
well as reacting to it. An example of a cause for such abnormal activity might be an internal host
becoming infected with a virus that is making repeated connections to external IP addresses. It
might alternatively be some external source trying to open excessive numbers of connections. (A
"connection" in this context refers to all types of connections, such as TCP, UDP or ICMP, tracked
by the NetDefendOS state-engine).
Note: Threshold rules are not available on all NetDefend models
The threshold rules feature is not available on the DFL-260E.
Threshold Policies
A threshold rule is like other policy based rules found in NetDefendOS. A filtering combination of
source/destination network/interface can be specified as well as a service such as HTTP. Each rule
can have one or more Threshold Action objects added to it as children and these specify how to
handle different threshold conditions.
A
Threshold Action
object has the following key properties:
•
Action
This is the response of the rule when the limit is exceeded. Either the option Audit or Protect
can be selected. These options are explained in more detail below.
•
Group By
The rule can be either Host or Network based. These options are explained below.
•
Threshold
This is the numerical limit which must be exceeded for the action to be triggered.
•
Threshold Type
A rule can be specified to either limit the number of connections per second or limit the total
number of concurrent connections.
Connection rate Limiting allows an administrator to put a limit on the number of new
connections being opened per second.
Total connection limiting allows the administrator to put a limit on the total number of
connections opened. This function is extremely useful when NAT pools are used since
peer-to-peer applications can require large numbers of connections.
The Group By Setting
The two groupings allowed for this property are the following:
•
Host Based
Chapter 10: Traffic Management
803
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...