How to enable the ADP (attack detection) on subnets

Article ID: 168361

Products

Mobility Threat Protection, Asset Management Solution, ProxySG Software - SGOS

Issue/Introduction

How do I enable Attack Detection (ADP) on selected subnets instead of applying it to all of them?
For example, if I have multiple subnets in my network but want to apply ADP to only one of them, or want to exempt one subnet from ADP, how do I configure the appliance?

Resolution

By default, ADP is disabled. Once it is enabled, the default settings are as shown below (output taken from SGOS 6.5.x):

SG300#(config client)view
Client limits enabled:            true
Client interval:                  20 minutes

Default client limits:
    Client concurrent request limit:  unlimited
    Client connection limit:          100
    Client failure limit:             50
    Client request limit:             unlimited
    Client warning limit:             10
    Blocked client action:            Drop
    Client connection unblock time:   unlimited
    Monitor only mode:                disabled


To add a subnet for ADP, follow the steps below:

SG300#(config client)create 10.10.10.0/24
ok
SG300#(config client)edit 10.10.10.0/24
SG300#(config client 10.10.10.0/24)view

Client limits for 10.10.10.0/24:
    Client concurrent request limit:  unlimited
    Client connection limit:          100
    Client failure limit:             50
    Client request limit:             unlimited
    Client warning limit:             10
    Blocked client action:            Drop
    Client connection unblock time:   unlimited
    Monitor only mode:                disabled


Notice that the Client connection limit defaults to 100. Use the commands below to disable the limit or to increase or decrease it:

1. To disable:
SG300#(config client 10.10.10.0/24)no connection-limit
  ok


2. To increase or decrease the connection limit:
SG300#(config client 10.10.10.0/24)connection-limit ##
  ok


Note: replace ## with a number between 1 and 65534.

-- Disable the "default" connection limit if you want to disable ADP globally and enable ADP only on certain subnets.
-- Disable the connection limit on a configured subnet if you want to enable ADP globally and disable it only on certain subnets.
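
The following Python example is added here and is not from the original article or the vendor. It parses saved "view" output in the layout shown above and reports, per scope, whether the connection limit is off, monitor-only or enforced, so you can confirm that the default and per-subnet settings match the scenario you intended. The sample text, the 10.10.20.0/24 subnet, the function names, the "unlimited" display for a removed limit and the "enabled" monitor-mode value are assumptions.

```python
import re

# Constructed sample in the layout of the "view" output shown in this article.
# Assumed: "no connection-limit" displays as "unlimited"; monitor mode shows "enabled".
SAMPLE = """\
Client limits enabled:            true

Default client limits:
    Client connection limit:          unlimited
    Monitor only mode:                disabled

Client limits for 10.10.10.0/24:
    Client connection limit:          100
    Monitor only mode:                disabled

Client limits for 10.10.20.0/24:
    Client connection limit:          250
    Monitor only mode:                enabled
"""

HEADER = re.compile(r"^(?:Default client limits|Client limits for (\S+)):\s*$")
FIELD = re.compile(r"^\s*(.+?):\s+(.+?)\s*$")

def parse_view(text):
    """Return {scope: {field: value}}; scope is 'global', 'default' or a subnet."""
    scopes = {"global": {}}
    current = scopes["global"]
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = scopes.setdefault(header.group(1) or "default", {})
        elif (field := FIELD.match(line)):
            current[field.group(1)] = field.group(2)
    return scopes

def connection_limit_status(scopes):
    """Map each scope to 'off', 'monitor' or 'enforce' for the connection limit."""
    enabled = scopes["global"].get("Client limits enabled") == "true"
    status = {}
    for scope, fields in scopes.items():
        if scope == "global":
            continue
        limit = fields.get("Client connection limit", "unlimited")
        if not enabled or limit == "unlimited":
            status[scope] = "off"
        elif fields.get("Monitor only mode") == "enabled":  # assumed: counted, not blocked
            status[scope] = "monitor"
        else:
            status[scope] = "enforce"
    return status
```

For the constructed sample, connection_limit_status(parse_view(SAMPLE)) reports the default scope as "off", 10.10.10.0/24 as "enforce" and 10.10.20.0/24 as "monitor".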


For more information, refer to the SGOS Administration Guide:
1. SGOS 5.5 - Chapter 72: Preventing Denial of Service Attacks
2. SGOS 6.2 - Chapter 69: Preventing Denial of Service Attacks
3. SGOS 6.5 - Chapter 70: Preventing Denial of Service Attacks