10.3. Threshold Rules
10.3.1. Overview
The objective of a Threshold Rule is to have a means of detecting abnormal connection activity as
well as reacting to it. An example of a cause for such abnormal activity might be an internal host
becoming infected with a virus that is making repeated connections to external IP addresses. It
might alternatively be some external source trying to open excessive numbers of connections. (A
"connection" in this context refers to all types of connections, such as TCP, UDP or ICMP, tracked
by the NetDefendOS state-engine).
Note: Threshold Rules are not available on all NetDefend models
The Threshold Roles feature is only available on the D-Link NetDefend DFL-800, 860,
860E, 1600, 1660, 2500, 2560 and 2560G.
Threshold Policies
A Threshold Rule is like other policy based rules found in NetDefendOS, a combination of
source/destination network/interface can be specified for a rule and a type of service such as HTTP
can be associated with it. Each rule can have associated with it one or more Actions which specify
how to handle different threshold conditions.
A Threshold Rule has the following parameters associated with it:
•
Action
This is the response of the rule when the limit is exceeded. Either the option Audit or Protect
can be selected.
•
Group By
The rule can be either Host or Network based.
•
Threshold
This is the numerical limit which must be exceeded for the action to be triggered.
•
Threshold Type
The rule can be specified to either limit the number of connections per second or limit the total
number of concurrent connections.
These parameters are described below:
10.3.2. Limiting the Connection Rate/Total Connections
Limiting the Connection Rate
Connection Rate Limiting allows an administrator to put a limit on the number of new connections
being opened to the NetDefend Firewall per second.
Limiting the Total Connections
Total Connection Limiting allows the administrator to put a limit on the total number of connections
opened to the NetDefend Firewall.
10.3. Threshold Rules
Chapter 10. Traffic Management
477
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...