tonyssbear
Reliable Contributor
Message 1 of 4

Connection Limit Policy

Hi All,

I am considering creating a rule on "IPS 7100" to limit inbound connections to my web server.

This is for prevention, by detecting IPs which have too many connections to the web server.

For example, if an IP is detected making more than 5 connections to the internal server,

then the related connections are dropped or the IP is quarantined, but the rest of the connections stay normal.

Can it be done?

I tried to use

1. Connection limiting with 10/sec

But it seems not to be working.

May I know if the IPS can do this? How?

I can find some information in the official guide:

The connections are limited based on the predefined threshold value. The threshold value is defined as connections per second or active connections. For example, if you define 1 connection per second as the threshold value, then, 10 connections are allowed per 10 seconds. So, if there are 10 connections in the first second, all the other connections from the second to the tenth second are dropped. On the other hand, if you have 1 connection for each second, all the 10 connections until the tenth second are allowed. This is also known as traffic sampling.

 

Does it mean total connections on the IPS, or for the related host?

https://docs.mcafee.com/bundle/network-security-platform-9.1.x-product-guide/page/GUID-A122A58F-A4EB...


regards

Tony 

1 Solution

Accepted Solutions
fkazi04
McAfee Employee
Message 4 of 4

Re: Connection Limit Policy

Hello @tonyssbear

I have gone through the configuration page and didn't find any option to define an IP address. The document might be referring to host as an end system (server).

The quarantine feature of a connection limit policy should work just as in an IPS policy.

Regards,
Faizan


3 Replies
fkazi04
McAfee Employee
Message 2 of 4

Re: Connection Limit Policy

Hello @tonyssbear 

My understanding is that the connections will be the total number of connections and not host-based connections.

Regards,
Faizan

tonyssbear
Reliable Contributor
Message 3 of 4

Re: Connection Limit Policy

Hi Faizan,

But it seems the product guide says it is related to a host?

"Connection Limiting policies consist of a set of rules that enable the Sensors to limit the number of connections a host can establish or a connection rate."

https://docs.mcafee.com/bundle/network-security-platform-10.1.x-product-guide/page/GUID-7296203B-EC6...

BTW, if I want to enable quarantining hosts on connection limit, is it the same as for an IPS policy?

Will the host be quarantined on the page "Analysis -> Quarantine"? Can it be released manually?
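
The two readings discussed in this thread (one threshold shared by all traffic versus one threshold per source host), replayed against the sampling behaviour from the quoted guide text. This is an added example, not McAfee code and not part of any post; the fixed 10-second window, the `simulate` function and the sample addresses are assumptions constructed for illustration, and the result does not establish which model the Sensor uses.

```python
from collections import defaultdict

WINDOW_SECONDS = 10  # sampling window used in the quoted guide example

# Constructed sample traffic (documentation address ranges), in arrival order:
# one source opens 25 connections in second 0, another opens 1 per second.
NOISY, STEADY = "203.0.113.7", "198.51.100.20"
EVENTS = [(0, NOISY)] * 25 + [(s, STEADY) for s in range(10)]


def simulate(events, rate_per_sec, per_source):
    """Replay (second, src_ip) connection attempts against a windowed budget.

    Budget per window = rate_per_sec * WINDOW_SECONDS, as in the quoted text.
    per_source=True keeps one counter per source IP (assumed model);
    per_source=False keeps one counter shared by every source (assumed model).
    Returns {src_ip: (allowed, dropped)}.
    """
    budget = rate_per_sec * WINDOW_SECONDS
    used = defaultdict(int)  # (window index, counter key) -> connections used
    totals = defaultdict(lambda: [0, 0])
    for second, src in events:
        key = (second // WINDOW_SECONDS, src if per_source else "*")
        if used[key] < budget:
            used[key] += 1
            totals[src][0] += 1  # allowed
        else:
            totals[src][1] += 1  # dropped
    return {ip: tuple(counts) for ip, counts in totals.items()}


if __name__ == "__main__":
    for label, per_source in (("shared counter", False), ("per-source counter", True)):
        print(label, simulate(EVENTS, rate_per_sec=1, per_source=per_source))
```

With a shared counter the bursting source uses up the whole window and the steady client's connections are dropped, while per-source counting drops only the burst's excess.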
