Now that we have our base screens set to protect against the various types of flooding, let’s configure some session limitations. A session screen is configured in two ways:
The source-based session limitation is the number of connections a source IP is allowed to have. For example, if the limit was 100, traffic entering this zone would only be permitted 100 connections per source IP. This is useful for limiting inbound Internet traffic and restricting the number of connections external IPs can open to your hosts or servers.
The destination-based session limitation is the total number of sessions allowed to a single destination IP. This is typically used to limit the number of connections to a server or service. You must be careful when applying this screen. Remember, these settings apply to the entire zone. So, for example, 5,000 sessions to a single IP address may seem abnormal until all the employees concurrently log on to the domain at the same time, or all users click the company intranet page for the latest company announcement at the same time.
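The two limits described above, written out as an added Junos configuration example (not taken from the book); the screen name `untrust-screen` and the zone name `untrust` are assumed, and the 100 and 5,000 values are the figures used in the text:

```junos
security {
    screen {
        ids-option untrust-screen {
            /* Log matches without dropping while you baseline real traffic,
               e.g. the morning domain-logon burst; remove once the
               destination limit is known to sit above normal peaks. */
            alarm-without-drop;
            limit-session {
                /* Max concurrent sessions any single source IP may open
                   into the zone (catches one host flooding others). */
                source-ip-based 100;
                /* Max concurrent sessions to any single destination IP
                   in the zone; zone-wide, so size it for legitimate peaks. */
                destination-ip-based 5000;
            }
        }
    }
    zones {
        security-zone untrust {
            /* Screens are applied per zone and act on traffic entering it. */
            screen untrust-screen;
        }
    }
}
```

After committing, `show security screen statistics zone untrust` shows how often each limit has triggered, which tells you whether the destination value is tripping on legitimate bursts before you switch enforcement on.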
Both source- and destination-based screen limitations can protect your session table while keeping any single host from generating a large number of connections and possibly flooding other hosts or parts of the network with connection attempts. It could be a misconfigured device, a malicious user, or just an extremely abnormal flood of legitimate traffic. The session-limiting settings should be there to regulate your session table and ...