Kerio Tech Firewall6 Network Router User Manual


 
7.3 Detection of connections with large data volume transferred
119
data volumes in longer intervals. Large data volume transfers typically uses the method
where the data flow continuously with minimal intervals between the transfer impulses.
Two basic parameters are tested in each connection: volume of transferred data and
duration of the longest idle interval. If the specified data volume is reached without the
idleness interval having been tresholded, the connection is considered as a transfer of
large data volume and corresponding limits are applied.
If the idle time exceeds the defined value, the transferred data counter is set to zero and
the process starts anew. This implies that each connection that once reaches the defined
values is considered as a large data volume transfer.
The value of the limit for the amount of data transmitted and the minimal idleness
period are configuration parameters of the Bandwidth Limiter (see chapter
7.2).
Examples:
The detection of connections transferring large data volumes will be better understood
through the following examples. The default configuration of the detection is as follows:
at least 200 KB of data must be transferred while there is no interruption for 5 sec or
more.
1. The connection at figure 7.6 is considered as a transmission of large data volume
after transfer of the third load of data. At this point, the connection has transferred
200 KB of data while the longest idleness interval has been only 3 sec.
Figure 7.6 Connection example short idleness intervals
2. Connection at figure 7.7 is not considered as a large data volume transfer, since after
150 KB of data have been transferred before an only 5 sec long idleness interval and
then, only other 150 KB of data have been transmitted within the connection.
Figure 7.7 Connection example long idleness interval