Protecting CGN Devices Against Denial of Service (DOS) Attacks

 

You can now choose configuration options that help prevent or minimize the effect of attempted denial of service (DOS) attacks.

Mapping Refresh Behavior

Before the mapping refresh options described in this topic were introduced, a conversation was kept alive when either inbound or outbound flows were active. This remains the default behavior. You can now also specify mapping refresh for only inbound flows or only outbound flows. To configure mapping refresh behavior, include the mapping-refresh (inbound | outbound | inbound-outbound) statement at the [edit services nat rule rule-name term term-name then translated secure-nat-mapping] hierarchy level.

EIF Inbound Flow Limit

Previously, the number of inbound connections on an EIF mapping was limited only by the maximum flows allowed on the system. You can now configure the number of inbound flows allowed for an EIF. To limit the number of inbound connections on an EIF mapping, include the eif-flow-limit number-of-flows statement at the [edit services nat rule rule-name term term-name then translated secure-nat-mapping] hierarchy level.
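
The following simplified model is an added example, not Junos code or part of the original topic. It illustrates why the mapping-refresh and eif-flow-limit settings described above matter for DoS resistance. The class and function names, the 300-second mapping timeout, and the traffic pattern are assumptions made for illustration.

```python
# Simplified model (assumption, not Junos code) of one EIF NAT mapping.
from dataclasses import dataclass
from typing import Optional

MAPPING_TIMEOUT = 300  # seconds; constructed value for illustration


@dataclass
class EifMapping:
    mapping_refresh: str = "inbound-outbound"  # default behavior per the topic
    eif_flow_limit: Optional[int] = None       # None = only the system-wide limit
    last_refresh: int = 0
    inbound_flows: int = 0                     # flows never end in this model

    def alive(self, now: int) -> bool:
        return now - self.last_refresh < MAPPING_TIMEOUT

    def packet(self, now: int, direction: str, new_flow: bool = False) -> bool:
        """Process one packet; return True if it is accepted."""
        if not self.alive(now):
            return False  # mapping has expired
        if direction == "inbound" and new_flow:
            if (self.eif_flow_limit is not None
                    and self.inbound_flows >= self.eif_flow_limit):
                return False  # per-mapping inbound flow limit reached
            self.inbound_flows += 1
        # Only the configured direction(s) reset the mapping timer.
        if direction in self.mapping_refresh.split("-"):
            self.last_refresh = now
        return True


def inbound_only_traffic_keeps_alive(mode: str, duration: int = 3600,
                                     interval: int = 60) -> bool:
    """The internal host stays silent while external packets arrive every
    `interval` seconds. Return True if the mapping still exists at `duration`."""
    m = EifMapping(mapping_refresh=mode)
    for t in range(interval, duration, interval):
        m.packet(t, "inbound")
    return m.alive(duration)


def accepted_inbound_flows(limit: Optional[int], attempts: int = 1000) -> int:
    """Count how many of `attempts` new inbound flows one mapping accepts."""
    m = EifMapping(eif_flow_limit=limit)
    return sum(m.packet(0, "inbound", new_flow=True) for _ in range(attempts))
```

In this model, outbound-only refresh lets a mapping expire when the internal host stops sending, regardless of external traffic, and a flow limit caps how many inbound flows a single mapping can consume.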