1 Reply Latest reply on Dec 7, 2016 5:07 AM by d_aloy

    Connection Limiting

    ahmed.sabanaa

      Hi, if we are going to configure the connection limiting policies, and we would like to have them alerting only in order to avoid any false positive cases, what is the behavior of the sensor, and what is the alert that will appear when the connection exceeds the threshold level?

        • 1. Re: Connection Limiting
          d_aloy

          Hi Ahmed

           

          When configuring the connection limiting policy and setting it to 'alert only', the sensor will just generate the alert - here is an example with a connection limiting policy for connection rate (telnet, 1 connection per second):

           

          For connection limiting policies I would rather use 'active connections' as this is something you could gather from either other network devices (firewalls, load balancers, etc.) or the same servers providing the service (check config files for Apache, Tomcat, SQL - or whatever app your servers run).

          If you set the policy to drop, it will only drop exceeding connections - so the sensor will allow the number of sessions you have set as threshold - but once the threshold is reached, no new connections will be allowed until the older connections are finished and torn down.

          Regards

          David

          2 of 2 people found this helpful
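
The difference between 'alert only' and 'drop' described in the reply above, as an added illustration that is not part of the original thread and is not the sensor's own logic. It is a simplified model of an 'active connections' threshold; the class and function names, the timeline, and the assumption that one alert is raised per exceeding connection are all constructed for the example.

```python
# Simplified model of an 'active connections' limiting policy.
# Illustration only: names are hypothetical and this is not the sensor's code.
from dataclasses import dataclass, field


@dataclass
class ActiveConnectionLimiter:
    threshold: int                      # maximum concurrent connections allowed
    mode: str = "alert"                 # "alert" (alert only) or "drop"
    active: set = field(default_factory=set)
    alerts: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def open(self, conn_id):
        """Handle a new connection; return True if it is allowed through."""
        if len(self.active) >= self.threshold:
            # Assumption: one alert per exceeding connection, in both modes.
            self.alerts.append(conn_id)
            if self.mode == "drop":
                # Only the exceeding connection is refused; existing ones stay up.
                self.dropped.append(conn_id)
                return False
        self.active.add(conn_id)
        return True

    def close(self, conn_id):
        """Connection finished and torn down; this frees a slot."""
        self.active.discard(conn_id)


# Constructed timeline of (event, connection id) pairs.
TIMELINE = [("open", "c1"), ("open", "c2"), ("open", "c3"), ("open", "c4"),
            ("close", "c1"), ("open", "c5"), ("open", "c6")]


def replay(mode, threshold=3, timeline=TIMELINE):
    """Replay the timeline under one mode and summarise what happened."""
    limiter = ActiveConnectionLimiter(threshold=threshold, mode=mode)
    peak = 0
    for event, conn_id in timeline:
        getattr(limiter, event)(conn_id)
        peak = max(peak, len(limiter.active))
    return {"alerts": limiter.alerts, "dropped": limiter.dropped,
            "active": sorted(limiter.active), "peak": peak}


if __name__ == "__main__":
    for mode in ("alert", "drop"):
        print(mode, replay(mode))
```

In alert-only mode the peak climbs past the threshold, so the alert count shows how often a drop policy would have fired; in drop mode `c5` is admitted only because `c1` was torn down first.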