FortiWAN Connection Limit

Connection Limit

Connection Limit is a feature that restricts the number of connections to remain below a certain specified limit. When the number of connections exceeds that limit, the system will automatically log the event (if logging is enabled). Connection limit can detect exceptionally high volumes of traffic caused by malicious attacks. FortiWAN protects the network by rejecting connections above the threshold.

Connection Limit is configured in two sections: Count Limit and Rate Limit. Count Limit restricts the total number of connections that one IP address may hold open simultaneously; once the count of connections from that address reaches the number specified in this section, any further new connection request from it is denied. Rate Limit, on the other hand, restricts the number of new connections one IP address may build per second. The connection source can be any of the following: IP address, IP Range, Subnet, WAN, LAN, DMZ, Localhost, or a specific IP address.

FortiWAN provides mechanisms to record, notify and analyze events related to the Connection Limit service; see “Log”, “Statistics: Connection Limit” and “Report: Connection Limit”.

Log Interval

Log Interval         :     The log interval determines how often the system records when the number of the connections exceeds the limit defined in the rules table.

Rules – Count Limit

Source    :   Match connections from a specified source (See “Using the web UI”).

Count    :    Set the limit for maximum number of the connections.


L         :     Check to enable logging. If the box is checked, logging will be enabled. Whenever the rule is matched, the system will record the event to the log file.

Rules – Rate Limit

E : Enable: This rule can be matched. Disable: This rule does not need to be matched.
When : All of these three options are applicable 24 hours a day (See “Busyhour Settings”).
Source : Match connections from a specified source (See “Using the web UI”).
Destination : Match connections to specified Destination: This field is the same as the “Source” field, except that connections are matched with specified destination (See “Using the web UI”).
Service : The TCP/UDP service type to be matched. Select the matching criteria from publicly known service types (e.g. FTP), or enter the port number carried in the TCP/UDP packets and specify the range: type the starting port number, a hyphen “-”, and then the ending port number, e.g. “TCP@123-234” (See “Using the web UI”).
Conn/Sec : Specify the number of connections allowed per second under the conditions defined by [When], [Source], [Destination], and [Service].
L : Check to enable logging. If the box is checked, logging will be enabled. Whenever the rule is matched, the system will record the event to the log file.
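To make the two mechanisms concrete, the following is an added example written for this page, not FortiWAN's own code: a small Python simulator that evaluates new connections against a Count Limit rule (maximum simultaneous connections per source IP) and a Rate Limit rule (new connections per second, matched on Source, Destination and Service in the “TCP@start-end” notation), and that throttles repeated log entries the way the Log Interval setting does. The rule classes, the CIDR-or-"any" source notation and the sample addresses and timings are assumptions constructed for the demonstration; FortiWAN's real matching of WAN/LAN/DMZ/Localhost sources is not modelled.

```python
"""Added example, not FortiWAN code: a simulator of the per-source Count Limit
and per-second Rate Limit described above, plus a Log Interval throttle."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class CountRule:
    source: str       # "any" or a CIDR such as "10.0.0.0/24" (Source column)
    count: int        # maximum simultaneous connections per source IP (Count column)
    log: bool = True  # the "L" checkbox


@dataclass
class RateRule:
    enabled: bool      # the "E" checkbox
    source: str        # "any" or CIDR
    destination: str   # "any" or CIDR
    service: str       # "any" or "PROTO@start-end", e.g. "TCP@123-234"
    conn_per_sec: int  # Conn/Sec column
    log: bool = True   # the "L" checkbox


def match_addr(spec, addr):
    """Match an IP against "any" or a CIDR; a bare IP is treated as a /32."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def match_service(spec, proto, port):
    """Match protocol/port against "any" or "PROTO@start-end" (single port allowed)."""
    if spec == "any":
        return True
    spec_proto, _, port_range = spec.partition("@")
    if spec_proto.upper() != proto.upper():
        return False
    start, _, end = port_range.partition("-")
    return int(start) <= port <= int(end or start)


class ConnectionLimiter:
    def __init__(self, count_rules, rate_rules, log_interval=10.0):
        self.count_rules = list(count_rules)
        self.rate_rules = list(rate_rules)
        self.log_interval = log_interval   # seconds between repeated log entries per key
        self.active = {}       # source IP -> set of open connection ids
        self.per_second = {}   # (rule index, source IP, whole second) -> opens counted
        self.log = []
        self._last_logged = {}

    def _log(self, key, message, now):
        """Record at most one entry per key per log interval (the Log Interval setting)."""
        last = self._last_logged.get(key)
        if last is None or now - last >= self.log_interval:
            self._last_logged[key] = now
            self.log.append(message)

    def open(self, conn_id, src, dst, proto, port, now):
        """Return True if the new connection is accepted, False if a rule rejects it."""
        # Count Limit: reject when this source already holds `count` open connections.
        for rule in self.count_rules:
            if match_addr(rule.source, src) and len(self.active.get(src, ())) >= rule.count:
                if rule.log:
                    self._log(("count", src), f"t={now:.1f} count-limit src={src} limit={rule.count}", now)
                return False
        # Rate Limit: the first enabled rule whose Source/Destination/Service match decides.
        for idx, rule in enumerate(self.rate_rules):
            if not rule.enabled:
                continue
            if not (match_addr(rule.source, src) and match_addr(rule.destination, dst)
                    and match_service(rule.service, proto, port)):
                continue
            key = (idx, src, int(now))
            if self.per_second.get(key, 0) >= rule.conn_per_sec:
                if rule.log:
                    self._log(("rate", idx, src),
                              f"t={now:.1f} rate-limit src={src} rule={idx} limit={rule.conn_per_sec}/s", now)
                return False
            self.per_second[key] = self.per_second.get(key, 0) + 1
            break
        self.active.setdefault(src, set()).add(conn_id)
        return True

    def close(self, conn_id, src):
        """A closed connection frees one slot in the source's count."""
        self.active.get(src, set()).discard(conn_id)


def demo():
    """Constructed scenario: one count rule, one rate rule, a burst from one host."""
    lim = ConnectionLimiter(
        count_rules=[CountRule(source="10.0.0.0/24", count=3)],
        rate_rules=[RateRule(True, "any", "any", "TCP@80-80", conn_per_sec=2)],
        log_interval=5.0,
    )
    src, dst = "10.0.0.5", "203.0.113.10"   # constructed sample addresses
    d = {}
    d["c1"] = lim.open("c1", src, dst, "tcp", 80, 0.0)    # accepted
    d["c2"] = lim.open("c2", src, dst, "tcp", 80, 0.2)    # accepted, 2/s now reached
    d["c3"] = lim.open("c3", src, dst, "tcp", 80, 0.4)    # rejected by Rate Limit, logged
    d["c3b"] = lim.open("c3", src, dst, "tcp", 80, 1.0)   # new second: accepted, 3 open
    d["c4"] = lim.open("c4", src, dst, "tcp", 80, 1.1)    # rejected by Count Limit, logged
    lim.close("c1", src)
    d["c4b"] = lim.open("c4", src, dst, "tcp", 80, 1.3)   # slot freed: accepted
    d["c5"] = lim.open("c5", src, dst, "tcp", 80, 1.4)    # rejected by Count Limit, log suppressed
    d["c6"] = lim.open("c6", "192.0.2.9", dst, "tcp", 443, 1.5)  # no rule matches: accepted
    return d, lim.log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)
    print("\n".join(log))
```

The scenario shows the difference a practitioner most often trips over: the third connection in the first second is refused by the Rate Limit even though the host is still under its Count Limit, while the Count Limit only bites once three connections are actually open and is relieved as soon as one closes. The second count-limit rejection produces no log line because it falls within the 5-second log interval of the first.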


This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
