Filter
Top Products
Chapter 23 Firewall
ISG50 User’s Guide
364
23.3 The Session Limit Screen
Click Configuration > Firewall > Session Limit to display the Firewall Session Limit screen.
Use this screen to limit the number of concurrent NAT/firewall sessions a client can use. You can
apply a default limit for all users and individual limits for specific users, addresses, or both. The
individual limit takes priority if you apply both.
Figure 244 Configuration > Firewall > Session Limit
The following table describes the labels in this screen.
Access Use the drop-down list box to select what the firewall is to do with packets that
match this rule.
Select deny to silently discard the packets without sending a TCP reset packet or
an ICMP destination-unreachable message to the sender.
Select reject to deny the packets and send a TCP reset packet to the sender. Any
UDP packets are dropped without sending a response packet.
Select allow to permit the passage of the packets.
Log Select whether to have the ISG50 generate a log (log), log and alert (log alert)
or not (no) when the rule is matched. See Chapter 53 on page 705 for more on
logs.
OK Click OK to save your customized settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Table 118 Configuration > Firewall > Add (continued)
LABEL DESCRIPTION
Table 119 Configuration > Firewall > Session Limit
LABEL DESCRIPTION
General Settings
Enable Session
limit
Select this check box to control the number of concurrent sessions hosts can
have.
Default Session
per Host
Use this field to set a common limit to the number of concurrent NAT/firewall
sessions each client computer can have.
If only a few clients use peer to peer applications, you can raise this number to
improve their performance. With heavy peer to peer application use, lower this
number to ensure no single client uses too many of the available NAT sessions.
Create rules below to apply other limits for specific users or addresses.