06-14-2009 10:13 PM - edited 03-11-2019 08:43 AM
Hi All,
Is there any feature in the PIX firewall that limits the number of connections to a given host?
thanks
Jean
06-15-2009 02:32 AM
There are 2 ways you can do this.
If you are using static NAT, then there are options that you can add:
static (inside,outside) 1.1.1.1 2.2.2.2 70 50
= 70 Max connections and 50 embryonic
The more recent way is via policy:
class-map MYCLASS
match any
policy-map MYPOL
class MYCLASS
set connection {conn-max number | embryonic-conn-max number | per-client-embryonic-max number | per-client-max number | random-sequence-number {enable | disable}}
set connection timeout {tcp
[embryonic
service-policy MYPOL interface outside
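The policy approach from the reply above, narrowed from "match any" to a single host, as an added example that is not part of the original reply. The address 192.0.2.10, the names HOST-LIMIT-ACL and HOST-LIMIT, and the assumption that the class ACL matches the host's address as seen on the outside interface are illustrative; the 70/50 limits reuse the numbers from the static example.

```cisco
! Added example, not from the original thread. Requires PIX 7.x or later (MPF).
! Constructed values: 192.0.2.10 stands for the protected host's address as
! seen on the outside interface (assumption); names and limits are illustrative.
access-list HOST-LIMIT-ACL extended permit tcp any host 192.0.2.10
!
! Classify only traffic destined for that host instead of "match any"
class-map HOST-LIMIT
 match access-list HOST-LIMIT-ACL
!
! 70 total connections, 50 embryonic, for traffic in this class
policy-map MYPOL
 class HOST-LIMIT
  set connection conn-max 70 embryonic-conn-max 50
!
service-policy MYPOL interface outside
!
! Check that the policy is attached and watch the connection count
show service-policy interface outside
show conn count
```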
06-15-2009 03:39 AM
You mentioned PIX, so make sure it runs 7.x, as MPF is supported only from 7.x onwards.
06-15-2009 04:33 AM
But what's the difference between the max connection parameter and the embryonic value?
06-15-2009 04:39 AM