Example: Setting Destination-Based Session Limits (CLI)

The following example shows you how to limit the amount of traffic to a webserver at 1.2.2.5. The server is in the DMZ zone. The example assumes that after observing the traffic flow from the external zone to this server for a month, you have determined that the average number of concurrent sessions it receives is 2000.

The example shows how to set the new session limit at 4000 concurrent sessions. Although traffic spikes might sometimes exceed that limit, the example assumes that you are opting for firewall security over occasional server inaccessibility.

user@host# set security screen ids-option 4000-limit-session limit-session destination-ip-based 4000user@host# set security screen ids-option 100-limit-session limit-session destination-ip-based 100user@host# set security zones security-zone external_zone screen 100-limit-session

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.