Configuring Session Limit
Policy > Session Limit
You can limit the number of sessions and control the session rate for a source IP address, destination IP address, specified IP address, service, or user/user group. This protects against DoS attacks and controls the bandwidth used by applications such as IM or P2P.
In the Session Limit page, you can perform the following actions:
- Click New to create a new session limit rule.
- Click Edit to edit the selected session limit rule.
- Click Delete to delete the selected session limit rules.
- Click Clear to clear the dropped sessions statistics of the selected session limit rule.
- Click Switch Mode to select a matching mode, which applies when an IP address matches multiple session limit rules. If you select Use the Minimum Value, the maximum number of sessions of this IP address is limited to the minimum number of sessions of all matched session limit rules. If you select Use the Maximum Value, the maximum number of sessions of this IP address is the maximum number of sessions of all matched session limit rules.
Options in the Session Limit Configuration dialog:
Zone: Select the zone that uses the session limit function.
Limit Conditions
IP: Perform the session limit according to the IP addresses:
- IP: Limits the IP addresses that are contained in the selected address entry. Select All IPs to limit the maximum number of sessions or the maximum number of sessions created per 5 seconds for all IP addresses, or select Per IP to limit the maximum number of sessions for each IP address.
- Source IP: Limits the number of sessions of the zone's source IP. Select All Source IPs to limit the maximum number of sessions or the maximum number of sessions created per 5 seconds for all IP addresses, or select Per Source IP to limit the maximum number of sessions for each IP address.
- Destination IP: Limits the number of sessions of the zone's destination. Select All Source IPs to limit the maximum number of sessions or the maximum number of sessions created per 5 seconds for all IP addresses, or select Per Source IP to limit the maximum number of sessions for each IP address.
Application: Limits the number of sessions of the specified applications in the zone.
User/User Group:
- User/User Group: Limits the maximum number of sessions or the maximum number of sessions created per 5 seconds for all users, or limits the maximum number of sessions for each user.
- AAA Server: Select the AAA server that the users belong to.
Limit Type
Session Type:
- Session Number: Specifies the maximum number of sessions. 0 indicates no limitation.
- New Connections/5s: Specifies the maximum number of sessions created per 5 seconds.
Schedule: Makes the session limit rule take effect within the time period specified by the schedule.
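The following is an added example, not taken from the product documentation or the device's own code. It models how Switch Mode combines Per IP Session Number limits when one address matches several rules, and what the dropped-sessions statistic would count. The CIDR address entries, the traffic events, and the treatment of 0 as an infinite cap when combining rules are assumptions made for illustration.

```python
import ipaddress
import math
from collections import Counter

MIN_MODE = "Use the Minimum Value"
MAX_MODE = "Use the Maximum Value"

# Constructed rules: (address entry written as a CIDR, Per IP Session Number).
RULES = [
    ("192.0.2.0/24", 100),
    ("192.0.2.0/28", 3),
    ("198.51.100.0/24", 0),   # 0 indicates no limitation
]

def effective_limit(ip, rules, mode):
    """Session cap for one IP across every rule it matches (inf = no cap)."""
    addr = ipaddress.ip_address(ip)
    # Assumption: Session Number 0 is treated as an infinite cap when combining.
    caps = [math.inf if n == 0 else n
            for net, n in rules if addr in ipaddress.ip_network(net)]
    if not caps:
        return math.inf          # no rule matches: nothing to enforce
    return min(caps) if mode == MIN_MODE else max(caps)

def replay(events, rules, mode):
    """Replay (ip, 'open'|'close') events; return (active, dropped) Counters."""
    active, dropped = Counter(), Counter()
    for ip, kind in events:
        if kind == "close":
            active[ip] = max(0, active[ip] - 1)
        elif active[ip] >= effective_limit(ip, rules, mode):
            dropped[ip] += 1     # what the dropped-sessions statistic would count
        else:
            active[ip] += 1
    return active, dropped

# Constructed traffic: 192.0.2.5 matches both 192.0.2.x rules, opens 5
# sessions, closes one, then opens one more; 198.51.100.7 opens 4 sessions.
EVENTS = ([("192.0.2.5", "open")] * 5
          + [("192.0.2.5", "close"), ("192.0.2.5", "open")]
          + [("198.51.100.7", "open")] * 4)

if __name__ == "__main__":
    for mode in (MIN_MODE, MAX_MODE):
        active, dropped = replay(EVENTS, RULES, mode)
        print(mode, dict(active), dict(dropped))
```

With these rules, the overlapping address is capped at 3 sessions in minimum mode and 100 in maximum mode, so the same burst is partly dropped in one mode and fully admitted in the other.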