Connection Limit is a feature that keeps the number of connections below a specified limit. When the number of connections exceeds that limit, the system automatically logs the event (if logging is enabled). Connection Limit can detect the exceptionally high volumes of traffic caused by malicious attacks; FortiWAN protects the network by rejecting connections above the threshold.
Connection Limit configuration is divided into two sections: Count Limit and Rate Limit. Count Limit restricts the total number of connections built simultaneously by one IP address; once the count of connections from that IP address reaches the number specified in this section, requests for new connections from it are denied. Rate Limit, on the other hand, restricts the number of connections built by one IP address every second. The source of a connection can be any of the following: IP address, IP Range, Subnet, WAN, LAN, DMZ, Localhost, and any specific IP address.
FortiWAN provides mechanisms to record, notify and analyze events related to the Connection Limit service; see “Log”, “Statistics: Connection Limit” and “Report: Connection Limit”.
Log Interval : The log interval determines how often the system records an event when the number of connections exceeds the limit defined in the rules table.
Rules – Count Limit
Source : Match connections from a specified source (See “Using the web UI”).
Count : Set the limit for maximum number of the connections.
L : Check to enable logging. If the box is checked, logging will be enabled. Whenever the rule is matched, the system will record the event to the log file.
Rules – Rate Limit
E : Enable: This rule can be matched. Disable: This rule does not need to be matched.
When : All of these three options are applicable 24 hours a day (See “Busyhour Settings”).
Source : Match connections from a specified source (See “Using the web UI”).
Destination : Match connections to a specified destination. This field is the same as the “Source” field, except that connections are matched by their destination (See “Using the web UI”).
Service : The TCP/UDP service type to be matched. Select the matching criteria from publicly known service types (e.g. FTP), or enter the port number in TCP/UDP packets and specify the range. Type the starting port number, a hyphen “-”, and then the ending port number, e.g. “TCP@123-234” (See “Using the web UI”).
Conn/Sec : Specify the number of connections allowed per second under the conditions of [When], [Source], [Destination], and [Service] defined.
L : Check to enable logging. If the box is checked, logging will be enabled. Whenever the rule is matched, the system will record the event to the log file.
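The following is an added, illustrative model of how the Count Limit and Rate Limit rules described above interact; it is not FortiWAN's own code. The rule fields (Source, Count, Destination, Service in the “TCP@123-234” notation, Conn/Sec, the logging flag and the Log Interval) follow the page. The event format, the table of well-known service names beyond FTP, the per-rule-per-source log throttling, and all function names are assumptions made for this example.

```python
"""Model of Connection Limit rules: Count Limit (simultaneous connections per
source IP) and Rate Limit (new connections per second under matching
conditions). Added example; not FortiWAN's implementation."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed table of publicly known service types; the page only names FTP.
KNOWN_SERVICES = {"FTP": ("TCP", 21), "SSH": ("TCP", 22),
                  "HTTP": ("TCP", 80), "DNS": ("UDP", 53)}


def parse_service(spec):
    """Parse "FTP", "TCP@123" or "TCP@123-234" into (proto, lo, hi); "any" -> None."""
    if spec.lower() == "any":
        return None
    if spec.upper() in KNOWN_SERVICES:
        proto, port = KNOWN_SERVICES[spec.upper()]
        return (proto, port, port)
    proto, _, ports = spec.partition("@")
    if proto.upper() not in ("TCP", "UDP") or not ports:
        raise ValueError(f"bad service spec: {spec!r}")
    lo, _, hi = ports.partition("-")
    lo_i, hi_i = int(lo), int(hi or lo)
    if not 0 < lo_i <= hi_i <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return (proto.upper(), lo_i, hi_i)


def match_address(spec, ip):
    """Match against "any", a single IP, an IP range "a-b" or a subnet "x/y"."""
    if spec.lower() == "any":
        return True
    addr = ip_address(ip)
    if "/" in spec:
        return addr in ip_network(spec, strict=False)
    if "-" in spec:
        lo, hi = (ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= addr <= hi
    return addr == ip_address(spec)


def match_service(spec, proto, port):
    svc = parse_service(spec)
    return svc is None or (svc[0] == proto.upper() and svc[1] <= port <= svc[2])


@dataclass
class CountRule:
    source: str
    count: int          # max simultaneous connections from one source IP
    log: bool = False


@dataclass
class RateRule:
    source: str
    destination: str
    service: str
    conn_per_sec: int   # new connections allowed per second per source IP
    log: bool = False
    enable: bool = True


@dataclass
class ConnectionLimiter:
    count_rules: list
    rate_rules: list
    log_interval: float = 1.0   # seconds between log records for one rule/source
    open_conns: dict = field(default_factory=lambda: defaultdict(set))
    recent: dict = field(default_factory=lambda: defaultdict(deque))
    last_logged: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def _record(self, key, t, message):
        # Assumption: Log Interval throttles records per rule and source.
        last = self.last_logged.get(key)
        if last is None or t - last >= self.log_interval:
            self.last_logged[key] = t
            self.log.append((t, message))

    def on_close(self, src, conn_id):
        self.open_conns[src].discard(conn_id)

    def on_open(self, t, conn_id, src, dst, proto, dport):
        """Decide on a new connection request; True = accepted, False = rejected."""
        for i, r in enumerate(self.count_rules):
            if match_address(r.source, src) and len(self.open_conns[src]) >= r.count:
                if r.log:
                    self._record(("count", i, src), t, f"count limit {r.count} exceeded by {src}")
                return False
        windows = []
        for i, r in enumerate(self.rate_rules):
            if not (r.enable and match_address(r.source, src)
                    and match_address(r.destination, dst) and match_service(r.service, proto, dport)):
                continue
            w = self.recent[(i, src)]
            while w and t - w[0] >= 1.0:     # drop accepts older than one second
                w.popleft()
            if len(w) >= r.conn_per_sec:
                if r.log:
                    self._record(("rate", i, src), t, f"rate limit {r.conn_per_sec}/s exceeded by {src}")
                return False
            windows.append(w)
        for w in windows:                    # count only connections actually built
            w.append(t)
        self.open_conns[src].add(conn_id)
        return True


def run_demo():
    """Constructed traffic: 192.0.2.7 opens connections to a web server on TCP/80."""
    lim = ConnectionLimiter(
        count_rules=[CountRule(source="192.0.2.0/24", count=3, log=True)],
        rate_rules=[RateRule("any", "198.51.100.10", "TCP@80-88", conn_per_sec=2, log=True)],
        log_interval=5.0)
    events = [(0.0, 1), (0.1, 2), (0.2, 3), (0.3, 4),   # burst: rate limit rejects 3rd and 4th
              (2.0, 5), (2.1, 6)]                        # slower: count limit rejects at 3 open
    results = [lim.on_open(t, c, "192.0.2.7", "198.51.100.10", "TCP", 80) for t, c in events]
    lim.on_close("192.0.2.7", 1)                         # one connection finishes
    results.append(lim.on_open(3.5, 7, "192.0.2.7", "198.51.100.10", "TCP", 80))
    return results, lim.log
```

Running `run_demo()` shows the two mechanisms separately: the first burst is cut off by Rate Limit after two connections in the same second, the slower second phase is cut off by Count Limit once three connections are open, and only two log records are written because the second rate-limit rejection falls inside the log interval of the first.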