Limiting number of connections

Unanswered Question
Jun 14th, 2009

Hi All,

Is there any feature in the PIX firewall that limits the number of connections to a given host?

thanks

Jean

trevora Mon, 06/15/2009 - 02:32

There are 2 ways you can do this.

If you are using static NAT, then there are options that you add:

static (inside,outside) 1.1.1.1 2.2.2.2 70 50

= 70 Max connections and 50 embryonic

The more recent way is via policy:

class-map MYCLASS
 match any
policy-map MYPOL
 class MYCLASS
  set connection {conn-max number | embryonic-conn-max number | per-client-embryonic-max number | per-client-max number | random-sequence-number {enable | disable}}
  set connection timeout {tcp [reset]] [half-close ] [embryonic ] [dcd [ [max-retries]]]}
service-policy MYPOL interface outside
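
An added example, not part of the thread: a short Python audit that reads a saved configuration and lists which static translations and policy-map classes set no total or embryonic connection limit. It assumes the positional `static ... max_conns emb_limit` form and the `set connection` keywords shown in the post above, treats an absent value as 0 (unlimited), and uses constructed sample lines; the function names are this example's own.

```python
import re

# Constructed sample config; addresses and names follow the thread's examples.
SAMPLE = """\
static (inside,outside) 1.1.1.1 2.2.2.2 70 50
static (inside,outside) 1.1.1.2 2.2.2.3 netmask 255.255.255.255
static (inside,outside) 1.1.1.3 2.2.2.4 netmask 255.255.255.255 100
policy-map MYPOL
 class MYCLASS
  set connection conn-max 70 embryonic-conn-max 50
  set connection timeout embryonic 0:00:20
 class OTHERCLASS
  set connection per-client-max 10
"""

# Address-form static only: mapped real [netmask m] [max_conns [emb_limit]]
STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) (\S+) (\S+)(?: netmask \S+)?(?: (\d+)(?: (\d+))?)?$")
LIMIT_RE = re.compile(r"\b(conn-max|embryonic-conn-max) (\d+)")


def audit(config):
    """Return one dict per static / policy class; a limit of 0 means unlimited."""
    rows, policy, cls = [], None, None
    for line in (l.strip() for l in config.splitlines()):
        m = STATIC_RE.match(line)
        if m:
            rows.append({"where": "static %s" % m.group(3),
                         "conn_max": int(m.group(5) or 0),
                         "embryonic_max": int(m.group(6) or 0)})
        elif line.startswith("policy-map "):
            policy, cls = line.split()[1], None
        elif line.startswith("class ") and policy:
            cls = line.split()[1]
        elif (line.startswith("set connection ") and policy and cls
              and not line.startswith("set connection timeout")):
            limits = dict(LIMIT_RE.findall(line))
            rows.append({"where": "%s/%s" % (policy, cls),
                         "conn_max": int(limits.get("conn-max", 0)),
                         "embryonic_max": int(limits.get("embryonic-conn-max", 0))})
    return rows


def unprotected(rows):
    """Entries with no cap on total or on half-open (embryonic) connections."""
    return [r["where"] for r in rows
            if r["conn_max"] == 0 or r["embryonic_max"] == 0]


if __name__ == "__main__":
    print("missing a limit:", unprotected(audit(SAMPLE)))
```

Port-redirection statics (`static (inside,outside) tcp ...`) do not match the pattern and are skipped rather than misread.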

abinjola Mon, 06/15/2009 - 03:39

You mentioned PIX, so make sure it runs 7.x, as MPF is supported only from 7.x onwards.

jeansamarani Mon, 06/15/2009 - 04:33

But what's the difference between the max connection parameter and the embryonic value?
