How do I modify the connection limit for a specific client in my network, while still keeping the attack-detection (client) feature enabled?

Article ID: 166127

Products

ProxySG Software - SGOS

Issue/Introduction

In some networks, an upstream or downstream device might perform frequent health checks to verify connectivity to the Blue Coat ProxySG, and the ProxySG could interpret these checks as an 'attack'.

For example, if you have another ProxySG or a device that performs Network Address Translation (NAT) between the ProxySG that connects to the clients and the firewall or the network gateway, you might need to permit more connection requests or allow for less stringent failure limits for this client.

While you cannot disable attack-detection for a specific client, you can modify the default connection limit and thresholds to allow for more permissive limits for a specific device in your network.

In this example, we assume that 10.10.10.10 is the client IP for which we wish to modify the attack detection limits.

******************************************

SGOS>en

SGOS#config t

SGOS#(config)attack-detection

SGOS#(config attack-detection)client (enables client attack detection)

SGOS#(config client)create 10.10.10.10

SGOS#(config client)edit 10.10.10.10 (allows you to modify the connection limits for the specific client)

Table: Client attack detection settings to modify

Command             Description
connection-limit    Specifies the maximum number of simultaneous connections allowed.
failure-limit       Specifies the maximum number of failed requests within the globally specified time interval.
warning-limit       Specifies the maximum number of warnings that are issued before a client is blocked.
unblock-time        Specifies the interval of time a client is re-allowed access to network resources after being blocked at the network level, when the client-warning-limit is exceeded.

SGOS#(config client 10.10.10.10)no connection-limit

SGOS#(config client 10.10.10.10)no failure-limit

SGOS#(config client 10.10.10.10)no warning-limit

SGOS#(config client 10.10.10.10)no unblock-time

SGOS#(config client 10.10.10.10)view (view the modifications in the defaults for the specified client)

 Client limits for 10.10.10.10/32:

    Client connection limit:          unlimited

    Client failure limit:             unlimited

    Client warning limit:             unlimited

    Blocked client action:            Drop

    Client connection unblock time:   unlimited

******************************************
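Once a client has had all four limits cleared with `no ...`, it is effectively exempt from blocking, so such entries deserve periodic review. The following Python helper, added here as an example and not part of the article or of SGOS, parses the text of the `view` output shown above into a dictionary and lists which limits are unlimited; the sample `view` block is constructed from the article's output, and the field names are our own, not SGOS command names.

```python
import re
from typing import Dict, List, Optional, Union

# Constructed sample of the `view` output for a client whose limits were all
# cleared, mirroring the article's session (not captured from a real appliance).
SAMPLE_VIEW = """\
 Client limits for 10.10.10.10/32:
    Client connection limit:          unlimited
    Client failure limit:             unlimited
    Client warning limit:             unlimited
    Blocked client action:            Drop
    Client connection unblock time:   unlimited
"""

# Labels as printed by `view`, mapped to our own (hypothetical) field names.
FIELDS = {
    "Client connection limit": "connection_limit",
    "Client failure limit": "failure_limit",
    "Client warning limit": "warning_limit",
    "Blocked client action": "blocked_action",
    "Client connection unblock time": "unblock_time",
}

LIMIT_KEYS = ("connection_limit", "failure_limit", "warning_limit", "unblock_time")


def parse_client_limits(text: str) -> Dict[str, Union[str, int, None]]:
    """Parse one `view` block. Numeric limits become int, 'unlimited' becomes
    None, and other values (such as the blocked-client action) stay strings."""
    header = re.search(r"Client limits for (\S+):", text)
    if not header:
        raise ValueError("no 'Client limits for' header found in view output")
    result: Dict[str, Union[str, int, None]] = {"client": header.group(1)}
    for label, key in FIELDS.items():
        m = re.search(rf"{re.escape(label)}:\s+(\S+)", text)
        if not m:
            continue  # field absent from this block; leave it unset
        value = m.group(1)
        if value.lower() == "unlimited":
            result[key] = None
        elif value.isdigit():
            result[key] = int(value)
        else:
            result[key] = value
    return result


def unlimited_fields(limits: Dict[str, Union[str, int, None]]) -> List[str]:
    """Return the limit fields that are 'unlimited' for this client, so an
    audit can flag clients that are fully exempt from attack-detection blocking."""
    return [k for k in LIMIT_KEYS if k in limits and limits[k] is None]
```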