Restricting the number of overall sessions through the web UI on the USG2000&5000 series

26

The USG2000&5000 series devices support configuring the number of global connections through the web UI.
1. Set interface IP addresses and assign the interfaces to security zones.
2. Configure interzone packet-filtering rules to ensure normal communication.
a. Choose Firewall > Security Policy > Forward Policy.
b. In Forward Policy List, click Modify to the right of Implicit of untrust->trust.
c. On the Modify Forward Policy, set Action to permit.
d. Click Apply.
3. (Optional) To restrict the number of connections of a certain application, such as P2P, configure this item.
a. Choose UTM > Application Control > Policy.
b. Select Enable of Application Control Function.
c. Click Apply.
4. Configure and apply traffic limiting policies.
a. Choose Firewall > Traffic Limiting Policy > Settings.
b. Select the Enable check box to the right of Traffic Limiting Policy.
c. Click Apply.
5. Create a global traffic limiting class.
a. Choose Firewall > Traffic Limiting Policy > Global Traffic Limiting.
b. Click the Global Traffic Limiting Class tab.
c. Click Add in Global Traffic Limiting Class List.
d. Enter or select the following parameters:
-Name: Indicates the name of a global traffic limiting class.
-Reference Mode: Indicates the reference mode of the global CAR class.
Exclusive: If a traffic limiting policy that exclusively references a CAR class, the limits, such as the maximum bandwidth, committed bandwidth, and number of concurrent connections, defined in the CAR class take effect only for the traffic that matches the traffic limiting policy.
Shared: If a CAR class is referenced in multiple traffic limiting polices that are applied to different security zones or in different directions of the same security zone, traffic that matches either of these policies shares the limits, such as the maximum bandwidth, committed bandwidth, and number of concurrent connections, defined in the CAR class.
-Max. Number of Connections: Indicates the maximum number of connections for the interzone.
e. Click Apply.
6. Create a global traffic limiting policy and reference the global traffic limiting class.
a. Choose Firewall > Traffic Limiting Policy > Global Traffic Limiting.
b. Click Add in Global Traffic Limiting Policy List.
c. Enter or select the following parameters:
-Source Zone: Indicates the source security zone of the global traffic limiting policy.
-Destination Zone: Indicates the destination security zone of the global traffic limiting policy
-Source Address: Indicates the source address of the global traffic limiting policy.
-Destination Address: Indicates the destination IP address of the global traffic limiting policy.
-User: Indicates users or user groups matching the global traffic limiting policy. You can view all the existing users or user groups in the drop-down list. The users must be authenticated or exempted from authentication.
-Application Protocol: Indicates the application protocol matching the global traffic limiting policy.
-Service: Indicates the service type of a global traffic limiting policy. The parameter defines the port range of the UDP or TCP service, ICMP message type and message code, and protocol number of the IP service.
-Schedule: Indicates the time range during which the global traffic limiting policy is valid.
-Action: Indicates the control action performed on the traffic matching the global traffic limiting policy.
-Description: Indicates the description of a global traffic limiting policy. The description distinguishes the policy from other policies.
-Global Traffic Limiting Class: Indicates the class referenced by a global traffic limiting policy.
d. Click Apply.

Other related questions:
Restricting the number of overall sessions through the CLI on the USG2000&5000 series
The USG2000&5000 series devices support configuring the number of global sessions through the CLI. For details, see USG2000&5000 Product Document > CLI Configuration Guide > Firewall > Traffic Limiting Policies Configuration.

Restricting the number of overall sessions through the web UI on the USG6000 series
The USG6000 series devices support configuring the number of global sessions through the web UI. For details, see USG6000 Product Document > Administrator Guide > Traffic Management > Bandwidth Management.

Restricting the number of per-IP sessions through the web UI on the USG2000&5000 series
The USG2000&5000 series devices support configuring the number of per-IP connections through the web UI. 1. Set interface IP addresses and assign the interfaces to security zones. 2. Configure interzone packet-filtering rules to ensure normal communication. a. Choose Firewall > Security Policy > Forward Policy. b. In Forward Policy List, click Modify to the right of Implicit of untrust->trust. c. On the Modify Forward Policy, set Action to permit. d. Click Apply. 3. (Optional) To restrict the number of connections of a certain application, such as P2P, configure this item. a. Choose UTM > Application Control > Policy. b. Select Enable of Application Control Function. c. Click Apply. 4. Configure and apply traffic limiting policies. a. Choose Firewall > Traffic Limiting Policy > Settings. b. Select the Enable check box to the right of Traffic Limiting Policy. c. Click Apply. 5. Create a per-IP traffic limiting class. a. Choose Firewall > Traffic Limiting Policy > Per-IP Traffic Limiting. b. Click the Per-IP Traffic Limiting Class tab. c. Click Add in Per-IP Traffic Limiting Class List. d. Enter or select the following parameters: e. Click Apply. 6. Create a per-IP traffic limiting policy and reference the per-IP traffic limiting class. a. Choose Firewall > Traffic Limiting Policy > Per-IP Traffic Limiting. b. Click Add in Per-IP Traffic Limiting Policy List. c. Enter or select the following parameters: d. Click Apply.

Restricting the number of overall connections through the CLI on the USG2000&5000 series
The USG2000&5000 series devices support configuring the number of global connections through the CLI. For details, see USG2000&5000 Product Document > CLI Configuration Guide > Firewall > Traffic Limiting Policies Configuration.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top