Question & Answer
Question
Policy parameter MaxConnections is not being honored for a policy rule.
Policy is configured with the following rule and action:
PolicyAction telnetAction
{
  PolicyScope DataTraffic
  TypeActions Log Limit
  MaxConnections 5
}
PolicyRule telnetRule
{
  DestinationAddressRange xx.xx.xx.xx
  SourceAddressRange yy.yy.yy.yy
  DestinationPortRange 23
  SourcePortRange 0
  PolicyActionReference telnetAction
}
However, the client from xx.xx.xx.xx is allowed to make more than 5 Telnet connections. The MaxConnections parameter on the action is not being enforced.
Answer
When a new connection is accepted by the stack, the MaxConnections parameter is applied only to Outbound rules. The above rule must be rewritten as follows:
PolicyRule telnetRule
{
  DestinationAddressRange xx.xx.xx.xx
  SourceAddressRange yy.yy.yy.yy
  SourcePortRange 23
  DestinationPortRange 0
  PolicyActionReference telnetAction
}
Notice that the SourcePortRange and DestinationPortRange values have been reversed. This causes the rule to be recognized as an Outbound rule, so the MaxConnections parameter in the PolicyAction is applied.
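A configuration check for the situation described above, as an added example that is not part of the original document or of IBM's tooling: it parses the two block types shown on this page and reports rules that reference an action with MaxConnections but are not written in Outbound form. The function names, the two rule names in the sample, and the test for "Outbound form" (taken only from this page's example) are assumptions.

```python
import re
# Constructed sample: the question's rule and the answer's rewritten rule, renamed to coexist.
SAMPLE = """
PolicyAction telnetAction
{
  PolicyScope DataTraffic
  TypeActions Log Limit
  MaxConnections 5
}
PolicyRule telnetRuleAsAsked
{
  DestinationAddressRange xx.xx.xx.xx
  SourceAddressRange yy.yy.yy.yy
  DestinationPortRange 23
  SourcePortRange 0
  PolicyActionReference telnetAction
}
PolicyRule telnetRuleRewritten
{
  DestinationAddressRange xx.xx.xx.xx
  SourceAddressRange yy.yy.yy.yy
  SourcePortRange 23
  DestinationPortRange 0
  PolicyActionReference telnetAction
}
"""

BLOCK = re.compile(r"(PolicyAction|PolicyRule)\s+(\S+)\s*\{(.*?)\}", re.S)

def parse(text):
    """Map each block kind to {block name: {attribute: value}}."""
    out = {"PolicyAction": {}, "PolicyRule": {}}
    for kind, name, body in BLOCK.findall(text):
        lines = (ln.strip() for ln in body.splitlines() if ln.strip())
        out[kind][name] = dict((ln.split(None, 1) + [""])[:2] for ln in lines)
    return out

def unenforced_limits(text):
    """Rules that reference a MaxConnections action but are not in Outbound form."""
    cfg = parse(text)
    limited = {n for n, a in cfg["PolicyAction"].items() if "MaxConnections" in a}
    flagged = []
    for name, a in cfg["PolicyRule"].items():
        # Assumption from the page's example: SourcePortRange 0 with a non-zero DestinationPortRange is not Outbound form.
        inbound = a.get("SourcePortRange", "0") == "0" and a.get("DestinationPortRange", "0") != "0"
        if inbound and a.get("PolicyActionReference") in limited:
            flagged.append(name)
    return flagged
```

Running `unenforced_limits(SAMPLE)` flags only the rule written as in the question; the rewritten rule passes.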
Product Synonym
ZOSCS COMMSERVER
Document Information
Modified date: 15 April 2015
UID: dwa1186170