IBM Support

MaxConnections not being honored

Question & Answer


Question

Policy parameter MaxConnections is not being honored for a policy rule.

Policy is configured with the following rule and action:

PolicyAction telnetAction
{
 PolicyScope    DataTraffic
 TypeActions    Log Limit
 MaxConnections 5
}

PolicyRule telnetRule
{
 DestinationAddressRange  xx.xx.xx.xx
 SourceAddressRange       yy.yy.yy.yy
 DestinationPortRange     23
 SourcePortRange          0
 PolicyActionReference    telnetAction
}

However, the client from xx.xx.xx.xx is allowed to make more than 5 Telnet connections. The MaxConnections parameter on the action is not being enforced.

Answer

When a new connection is accepted by the stack, the MaxConnections parameter is applied only to Outbound rules. The above rule must be rewritten as follows:

PolicyRule telnetRule
{
 DestinationAddressRange  xx.xx.xx.xx
 SourceAddressRange       yy.yy.yy.yy
 SourcePortRange          23
 DestinationPortRange     0
 PolicyActionReference    telnetAction
}

Notice that the SourcePortRange and DestinationPortRange values have been reversed. This causes the rule to be recognized as an Outbound rule, so the MaxConnections parameter in the PolicyAction is applied.
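The check below is an added example, not part of the original answer or any IBM tooling: it parses PolicyAction and PolicyRule blocks and lists rules that reference a MaxConnections action while using the port layout shown in the question (specific DestinationPortRange, SourcePortRange 0). The function names, the sample rule names telnetRuleBefore and telnetRuleAfter, and the port-layout heuristic are assumptions drawn from this page's two rule forms.

```python
import re

# Constructed sample: the action and both rule forms from this page.
# Address ranges are omitted because the page masks them.
SAMPLE = """
PolicyAction telnetAction
{
 TypeActions    Log Limit
 MaxConnections 5
}
PolicyRule telnetRuleBefore
{
 DestinationPortRange     23
 SourcePortRange          0
 PolicyActionReference    telnetAction
}
PolicyRule telnetRuleAfter
{
 SourcePortRange          23
 DestinationPortRange     0
 PolicyActionReference    telnetAction
}
"""

BLOCK = re.compile(r"\b(PolicyAction|PolicyRule)\s+(\S+)\s*\{([^}]*)\}")

def parse(text):
    """Return {'PolicyAction': {name: {key: value}}, 'PolicyRule': {...}}."""
    out = {"PolicyAction": {}, "PolicyRule": {}}
    for kind, name, body in BLOCK.findall(text):
        lines = map(str.strip, body.splitlines())
        # Each statement is "Keyword value..."; skip blank or one-word lines.
        out[kind][name] = dict(l.split(None, 1) for l in lines if len(l.split()) > 1)
    return out

def unenforced_limits(text):
    """Names of rules whose MaxConnections limit sits on the question's port layout."""
    cfg = parse(text)
    flagged = []
    for name, rule in cfg["PolicyRule"].items():
        action = cfg["PolicyAction"].get(rule.get("PolicyActionReference"), {})
        if "MaxConnections" not in action:
            continue  # no connection limit to lose
        # Heuristic (assumption from this page): service port as destination,
        # 0 as source is the form the answer says must be reversed.
        if rule.get("SourcePortRange") == "0" and rule.get("DestinationPortRange") not in (None, "0"):
            flagged.append(name)
    return flagged
```

Running `unenforced_limits` over a policy file before it is installed surfaces rules where a configured connection limit would not take effect in the way this page describes.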


Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
15 April 2015

UID

dwa1186170