Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Atif_Saeed
Participant

Flood of Traffic from Internal Server

We had a condition where a Internal Server flooded so much of Syslog connections causing Firewall to loose its connection table and further causing no service , Please advise if TCP segment protection will help in IPS (Do not see any place to setup the limitation). Any other advise.

0 Kudos
3 Replies
Vladimir
Champion
Champion

Typically, Syslog is configured to output UDP. If that is the case, I do not think that the TCP Segmentation Protection will not do anything  for you.

You can take a look at this: Rate Limiting for DoS Mitigation 

and see if you can apply similar technique to prevent your gateways from being overloaded.

Gaurav_Pandya
Advisor

Yeah. As it is with your internal Server, so you know the IP address and can rate limit the things by configuring below.

Timothy_Hall
Champion
Champion

The rate-limiting commands mentioned above should help; if your firewall is using Gaia though make sure the connections table is set to Automatically as shown, you should not run out of connection table slots unless Gaia itself runs out of physical memory.  If you upgraded from an IPSO or SecurePlatform-based firewall this may still be set to the manual limit of 25000.

In my book I cover this exact scenario in the context of a nemesis-worthy internal auditor named Jim Profit doing port scans through the firewall.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events