Support User Manuals

NETGEAR SRX5308-100NAS Switch User Manual

Open as PDF

of 460

Firewall Protection

170

ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308

3. Enter the settings as explained in the following table:

4. Click Apply

to save your settings.

Table 35. Session Limit screen settings

Setting Description

Session Limit

Session Limit Control From the drop-down list, select o

ne of the following options:

• Wh

en single IP exceeds. When the limit is reached, no new session is allowed

from the IP address. A new session is allowed only when an existing session is

terminated or times out.

• Sin

gle IP Cannot Exceed. When the limit is reached, no new session is allowed

from the IP address for a specified period, or all sessions from the IP address are

terminated and new sessions are blocked for a specified period. You need to

specify the action and period by selecting one of the following radio buttons:

- Blo

ck IP to add new session for. No new session is allowed from the IP

address for a period. In the time field, specify the period in seconds.

- Blo

ck IP's all connections for. All sessions from the IP address are

terminated, and new sessions are blocked for a period. In the time field,

specify the period in seconds.

User Limit Parameter From the User Limit Parameter drop-down list, select one of the following options:

• Pe

rcentage of Max Sessions. A percentage of the total session connection

capacity of the VPN firewall.

• Numb

er of Sessions. An absolute number of maximum sessions.

User Limit Enter a number to indicate the user limit. Note the following:

• If the User Limit Parameter is set to Percentage of Max Sessions, the number

specifie

s the maximum number of sessions that are allowed from a single-source

device as a percentage of the total session connection capacity of the VPN

firewall. (The session limit is per-device based.)

• If the User Limit Parameter is set to Nu

mber of Sessions, the number specifies

an absolute value.

Note: So

me protocols such as FTP and RSTP create two sessions per connection,

which you should consider when you configure a session limit.

Total Number of

Packet

s Dropped due

to Session Limit

This is a nonconfigurable counter that displays the

total number of dropped packets

when the session limit is reached.

Session Timeout

TCP Timeout For each protocol, specify a time-out in seconds. A session expires if no data for

the session is received for the duration of the time-out period. The default time-out

periods are 1200 seconds for TCP sessions, 180 seconds for UDP sessions, and

8 seconds for ICMP sessions.

UDP Timeout

ICMP Timeout

previous next