I need to limit the number of connections to an SSL-based web server that we will be deploying in our DMZ. I believe this can be accomplished using the static command with the max_conns value. I am just looking for confirmation as I am still relatively new to PIX. Right now the value is 0, which I believe is unlimited. Is it really as simple as setting the value to 'n', where 'n' is the number of connections I want to allow?
Yes, editing the max_conns setting will limit the number of tcp_established connections. You don't, however, want to confuse max_conns with the embryonic setting, which limits the number of tcp_syn sessions open. The syn sessions are unestablished. If your concern is security, you may want to limit the embryonic setting also.
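
The two limits discussed above, shown side by side as an added configuration example (not part of the original thread). It assumes the PIX 6.x form of `static`, where max_conns and the embryonic limit are the last two numeric arguments; the interface names, the addresses (documentation ranges) and the limits 200 and 50 are constructed placeholders.

```text
: Added example. Addresses, interface names and limits are constructed.
: Current state: both trailing values are 0, so established and
: embryonic (half-open) connections to the server are unlimited.
static (dmz,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0

: Limited: at most 200 established TCP connections (max_conns) and
: at most 50 embryonic connections (embryonic limit) for this host.
no static (dmz,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0
static (dmz,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 200 50

: Check the current connection count against the configured limit.
show conn count
```

On PIX/ASA 7.x and later the same two values follow the `tcp` keyword in the `static` command instead of trailing the netmask.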