Firewall > Access Rules
613
SonicOS 5.8.1 Administrator Guide
Note The maximum number of connections a SonicWALL security appliance can support
depends on the specific configuration, including whether App Flow is enabled and if an
external collector is configured, as well as the physical capabilities of the particular model
on the SonicWALL security appliance. For more information see the “Connections” section
on page 714.
Finally, connection limiting can be used to protect publicly available servers (e.g. Web servers)
by limiting the number of legitimate inbound connections permitted to the server (i.e. to protect
the server against the Slashdot-effect). This is different from SYN flood protection which
attempts to detect and prevent partially-open or spoofed TCP connection. This will be most
applicable for Untrusted traffic, but it can be applied to any zone traffic as needed.
Connection limiting is applied by defining a percentage of the total maximum allowable
connections that may be allocated to a particular type of traffic. The above figures show the
default LAN ->WAN setting, where all available resources may be allocated to LAN->WAN (any
source, any destination, any service) traffic.
More specific rules can be constructed; for example, to limit the percentage of connections that
can be consumed by a certain type of traffic (e.g. FTP traffic to any destination on the WAN),
or to prioritize important traffic (e.g. HTTPS traffic to a critical server) by allowing 100% to that
class of traffic, and limiting general traffic to a smaller percentage (minimum allowable value is
1%).
Note It is not possible to use IPS signatures as a connection limiting classifier; only Access Rules
(i.e. Address Objects and Service Objects) are permissible.