MANAGING TRAFFIC FLOW
User Guide, page 3-6
The following commands in Table 3-5 set up the policies that are used with this scenario. For more information about CLI commands, see the CLI Command Reference Guide provided with your appliance.
Table 3-5: Commands to Set Up Policies
Log Message Counters
A log message is generated the first time a set threshold is passed. This log message is generated with the following parameters:
Module: Policy
Level: Notification
This log message is sent to all logging destinations set for the above parameters. Example commands for sending log messages to syslog and internal storage are included in "Setting Up the Logging Infrastructure" on page 3-4.
The appliance also keeps a counter of how many times a set threshold is passed. This counter is called an alert-record and can be viewed with the command "get alert-record all".
Two possible actions can be specified as part of an alert. If the action is set to "log once", the alert-record counter is incremented the first time the set threshold is passed. If the action is set to "log always", the alert-record counter reflects the total number of times the set threshold is passed.
The alert-record counters can be reset with the command "clear alert-record all".
Analyzing and Shaping Traffic
This section explains the internal processes that are used to analyze traffic, send alerts, and deny its passage.
1. Connection-rate monitoring involves the following process:
• The packet arrives at the interface of the appliance.
• Validate whether a flow can be identified with the incoming packet. Proceed to the next step based on the following flow lookup:
    - If the flow exists, the connection rate limit processing is not needed on the packet.
| Command | Description |
|---|---|
| `set policy id 1 from "untrust" to "trust" "any" "webserver" "web-traffic" permit alert "cr-shape-alert1" "ab-shape-alert1"` | Creates a policy (id 1) that allows all web traffic to pass and applies alerts when connection rate reaches 2000 per second, and when traffic reaches 100 mps. NOTE: The connection rate alert must be specified before the aggregate bandwidth alert. |
| `set policy id 2 from "untrust" to "trust" "any" "webserver" "any" permit alert "ab-shape-alert2"` | Creates a policy (id 2) that allows all web traffic to pass and applies the aggregate bandwidth alert when any one user's bandwidth reaches 10 Mbps. |
| `set policy default-permit-all` | Allows all other traffic to go through. |
| `set route 0.0.0.0/0 interface br0 gateway 192.168.65.240` | Sets a default route for management traffic. This setting should include your gateway address. |
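The note on policy 1 (connection rate alert before aggregate bandwidth alert) can be checked mechanically before a policy set is entered at the CLI. The script below is an added example, not part of the original guide or the appliance software; it assumes the alert type can be read from the `cr-` and `ab-` name prefixes used in the commands above, because the alert definitions themselves are not on this page.

```python
import shlex

# Assumption: alert kind is inferred from this guide's example name prefixes.
PREFIXES = {"cr-": "connection rate", "ab-": "aggregate bandwidth"}
# Commands copied from a PDF often carry curly quotes; normalise them first.
CURLY = str.maketrans({"\u201c": '"', "\u201d": '"'})


def policy_alerts(command):
    """Return (policy_id, [alert names]) or None for non 'set policy id' lines."""
    tokens = shlex.split(command.translate(CURLY))  # ValueError on unbalanced quotes
    if len(tokens) < 4 or tokens[:3] != ["set", "policy", "id"]:
        return None
    rest = tokens[4:]
    names = rest[rest.index("alert") + 1:] if "alert" in rest else []
    return tokens[3], [n.strip() for n in names]


def kind_of(name):
    return next((k for p, k in PREFIXES.items() if name.startswith(p)), None)


def audit(commands):
    """Return [(policy_id, finding)] for alert lists that break the ordering rule."""
    findings = []
    for line in commands:
        try:
            parsed = policy_alerts(line)
        except ValueError as exc:  # e.g. a quote lost when the line was wrapped
            parsed = ("?", [])
            findings.append(("?", f"unparseable command ({exc})"))
        if parsed is None:
            continue
        pid, names = parsed
        kinds = [kind_of(n) for n in names]
        findings += [(pid, f"unknown alert prefix: {n}") for n, k in zip(names, kinds) if k is None]
        if ("connection rate" in kinds and "aggregate bandwidth" in kinds
                and kinds.index("aggregate bandwidth") < kinds.index("connection rate")):
            findings.append((pid, "aggregate bandwidth alert precedes connection rate alert"))
    return findings


# Policies 1 and 2 are the guide's commands; policy 3 is constructed to fail.
SAMPLE = [
    'set policy id 1 from "untrust" to "trust" "any" "webserver" "web-traffic" permit alert \u201ccr-shape-alert1\u201d "ab-shape-alert1"',
    'set policy id 2 from "untrust" to "trust" "any" "webserver" "any" permit alert "ab-shape-alert2"',
    'set policy id 3 from "untrust" to "trust" "any" "webserver" "any" permit alert "ab-shape-alert1" "cr-shape-alert1"',
    "set policy default-permit-all",
]
```

Calling `audit(SAMPLE)` reports only the constructed policy 3; the guide's own two policies pass.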