https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-number-of-connections-from-one-IP-to-checkpoint/m-p/65451#M12378 <P>First off, do NOT use the IPS signature "Network Quota" to do this as it will prevent practically all traffic from being accelerated on the firewall.</P> <P>The best place to enforce rate limits is from SecureXL and is done from the firewall CLI, check out the "fw samp" command (R80.10 and earlier) and the "fwaccel dos rate/fw sam_policy" commands (R80.20+).</P> <P>&nbsp;</P> Mon, 21 Oct 2019 12:22:19 GMT Timothy_Hall 2019-10-21T12:22:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-number-of-connections-from-one-IP-to-checkpoint/m-p/65419#M12377 <P>Hello Checkmate,</P><P>&nbsp;</P><P>I have a Checkpoint R80.10 facing to internet. I saw a lot of connections to my webserver behind CP in smart console log like this:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="connection.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2786i1EDEC1B4B72D0C02/image-size/large?v=v2&amp;px=999" role="button" title="connection.png" alt="connection.png" /></span></P><P>&nbsp;</P><P>My question is how I can rate the number of connections of above IP , for example: when it already has 20 connections , a connection of 21th coming will be droped?</P><P>Thank a lot !!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 21 Oct 2019 07:54:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-number-of-connections-from-one-IP-to-checkpoint/m-p/65419#M12377 minhhaivietnam 2019-10-21T07:54:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-number-of-connections-from-one-IP-to-checkpoint/m-p/65451#M12378 <P>First off, do NOT use the IPS signature "Network Quota" to do this as it will prevent practically all traffic from being accelerated on the firewall.</P> <P>The best place to enforce rate limits is from SecureXL and is done from the firewall CLI, check out the "fw samp" command (R80.10 and earlier) and the "fwaccel dos rate/fw sam_policy" commands (R80.20+).</P> <P>&nbsp;</P> Mon, 21 Oct 2019 12:22:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Limit-number-of-connections-from-one-IP-to-checkpoint/m-p/65451#M12378 Timothy_Hall 2019-10-21T12:22:19Z