How do I enable Attack-Detection (ADP) on selected subnets instead of applying to all?
For example, if I have multiple subnets in my network but want to apply ADP to only one of them, or want to exempt one subnet from ADP, how do I configure the appliance?
By default, ADP is disabled. Once it is enabled, the default settings are as shown below (configuration taken from SGOS 6.5.x):
Note that the client connection limit defaults to 100. Use the commands below to disable, increase, or decrease the limit:
1. To disable:
   SG300#(config client 10.10.10.0/24) no connection-limit
   ok
2. To increase/decrease connection-limit:
   SG300#(config client 10.10.10.0/24) connection-limit ##
   ok
Note: Replace ## with a number between 1 and 65534.
-- Disable the "default" connection limit if you want to disable ADP globally and enable ADP only on a certain subnet.
-- Disable the connection limit on the configured subnet if you want to enable ADP globally and disable it only on a certain subnet.
For more detail, refer to the SGOS Administration Guide for your release:
SGOS 5.5 - Chapter 72: Preventing Denial of Service Attacks
SGOS 6.2 - Chapter 69: Preventing Denial of Service Attacks
SGOS 6.5 - Chapter 70: Preventing Denial of Service Attacks
Imported Document ID: 000023044