10.3. Threshold Rules
Overview
The objective of a Threshold Rule is to have a means of detecting abnormal connection activity as
well as reacting to it. An example of a cause for such abnormal activity might be an internal host
becoming infected with a virus that is making repeated connections to external IP addresses. It
might alternatively be some external source trying to open excessive numbers of connections. (A
"connection" in this context refers to all types of connections, such as TCP, UDP or ICMP, tracked
by the NetDefendOS state-engine.)
Note: Threshold Rules are not available on all NetDefend models
The Threshold Rules feature is only available on the D-Link NetDefend DFL-860E,
1660, 2560 and 2560G.
Threshold Policies
Like other policy-based rules in NetDefendOS, a Threshold Rule can specify a combination of
source/destination network/interface, and a type of service such as HTTP can be associated with
it. Each rule can have one or more Actions associated with it, and these specify how to handle
different threshold conditions.
A Threshold Rule has the following parameters associated with it:
• Action
This is the response of the rule when the limit is exceeded. Either the option Audit or Protect
can be selected. These options are explained in more detail below.
• Group By
The rule can be either Host or Network based. These options are explained below.
• Threshold
This is the numerical limit which must be exceeded for the action to be triggered.
• Threshold Type
The rule can be specified to either limit the number of connections per second or limit the total
number of concurrent connections.
Limiting the Connection Rate
Connection Rate Limiting allows an administrator to put a limit on the number of new connections
being opened to the NetDefend Firewall per second.
Limiting the Total Connections
Total Connection Limiting allows the administrator to put a limit on the total number of connections
opened to the NetDefend Firewall.
This function is extremely useful when NAT pools are required due to the large number of
connections generated by P2P users.
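The following Python example is an added illustration, not part of the D-Link manual and not NetDefendOS code. It models how the four parameters interact, under these assumptions: Host grouping counts each source IP separately, Network grouping counts all matching connections together, Audit only logs, and Protect drops the triggering connection. The class, the function names and the sample events are constructed for the example.

```python
from collections import defaultdict, deque

class ThresholdRule:
    """Simplified model of one threshold rule (not NetDefendOS code)."""
    def __init__(self, threshold, threshold_type, group_by, action):
        # threshold_type: "rate" (new connections/second) or "total" (concurrent)
        self.threshold, self.threshold_type = threshold, threshold_type
        self.group_by, self.action = group_by, action   # host|network, audit|protect
        self.recent = defaultdict(deque)  # key -> open times within the last second
        self.tracked = defaultdict(set)   # key -> ids of currently open connections

    def _key(self, src):
        # Assumption: "host" counts each source IP on its own, "network"
        # counts all connections matching the rule as one group.
        return src if self.group_by == "host" else "*"

    def close(self, src, conn_id):
        self.tracked[self._key(src)].discard(conn_id)

    def open(self, t, src, conn_id):
        """Return 'allow', 'audit' (logged but allowed) or 'drop'."""
        key = self._key(src)
        window = self.recent[key]
        while window and window[0] <= t - 1.0:   # forget opens older than 1 s
            window.popleft()
        current = window if self.threshold_type == "rate" else self.tracked[key]
        exceeded = len(current) + 1 > self.threshold   # limit must be exceeded
        if exceeded and self.action == "protect":
            return "drop"   # assumption: Protect refuses the triggering connection
        window.append(t)
        self.tracked[key].add(conn_id)
        return "audit" if exceeded else "allow"

def replay(rule, events):
    """Feed (time, src, conn_id, kind) tuples; return the verdict per open."""
    verdicts = []
    for t, src, conn_id, kind in events:
        if kind == "close":
            rule.close(src, conn_id)
        else:
            verdicts.append((src, rule.open(t, src, conn_id)))
    return verdicts

# Constructed sample: 10.0.0.5 opens five connections in half a second,
# 10.0.0.9 opens one in the same period.
EVENTS = [(0.1 * i, "10.0.0.5", i, "open") for i in range(5)]
EVENTS.insert(2, (0.15, "10.0.0.9", 100, "open"))
```

With a threshold of 3 connections per second, Host grouping penalises only the noisy source, while Network grouping starts dropping as soon as the combined count passes the limit, regardless of which host opened the connection.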
Chapter 10. Traffic Management