the connections which you have specified as 10K, they are embryonic connections means half-open connections.
emb_limit : Specifies the maximum number of embryonic connections per host. The default is 0, which means unlimited embryonic connections.
Limiting the number of embryonic connections protects you from a DoS attack. The security appliance uses the embryonic limit to trigger TCP Intercept, which protects inside systems from a DoS attack perpetrated by flooding an interface with TCP SYN packets. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination.
thanks for your reply. I'm not quite sure if I got it right. The reason I wanted to restrict the connections was an event, where a Linux server from the DMZ generated UDP packets toward the internet like hell. We saw a connection count of 280'000. The server generated roughly 30'000 UDP packets per second, each 1 byte long. Embryonic connections deal with TCP SYN handshake, which is not used with UDP.
Therefore I need a way to restrict any kind of connection exceeding a certain count. My original question was, why the hell do I see just 1200 connections in use, and at the same time the firewall tells me "exceeded connection limit" under normal working conditions.
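The distinction raised above (embryonic limits only cover TCP half-open connections, whereas a UDP flood from a DMZ host counts against total connections) maps onto two different knobs in the ASA Modular Policy Framework. The following is an added example, not configuration from the thread; the interface name `dmz`, the network `192.0.2.0/24`, and the object and policy names are assumed placeholders, and the numeric limits are illustrative values to be sized against the host's normal connection count.

```cisco
! Added example: per-client and aggregate connection limits via MPF.
! Match traffic sourced from the DMZ hosts (placeholder network).
access-list DMZ_HOSTS extended permit ip 192.0.2.0 255.255.255.0 any
!
class-map DMZ_CONN_LIMITS
 match access-list DMZ_HOSTS
!
policy-map DMZ_POLICY
 class DMZ_CONN_LIMITS
  ! Total connections (TCP and UDP) any single DMZ host may hold open.
  ! This is the limit that would have caught the 1-byte UDP flood;
  ! the default of 0 means unlimited.
  set connection per-client-max 5000
  ! Half-open TCP connections per host; only meaningful for TCP SYN floods.
  set connection per-client-embryonic-max 1000
  ! Aggregate limits for the whole class, as a backstop for the state table.
  set connection conn-max 100000
  set connection embryonic-conn-max 20000
!
service-policy DMZ_POLICY interface dmz
```

After applying it, `show service-policy interface dmz` reports the limits in effect and the current/drop counters for the class, and `show conn count` shows the total in use, which is the figure to compare against the "exceeded connection limit" messages when deciding whether a per-client or an aggregate limit is the one being hit.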
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on the outside Interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside Interface to any6.
In Syslog I also se...