IPCAR
This help contains the following topics:
Introduction
This feature limits the number of connections established per second to prevent DDoS attacks from degrading device performance.
The device supports the following types of connection rate limit:
Public network protection—Limits the number of connections from the public network to the internal network based on destination IP address.
Internal network protection—Limits the number of connections from the internal network to the public network based on source IP address.
vSystem support information
Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.
Restrictions and guidelines
You cannot configure both public network protection and private network protection on the same interface.
Configuration guidelines
Configuration flow
Figure-1 shows the configuration flow chart.
Figure-1 Configuration flow chart
Configuration procedure
Select Policies > Active Defense > IPCAR.
Configure the following parameters:
Table-1 Configuration items
Item
Description
IP type
Select an IP type. Options include IPv4 and IPv6.
Protection action
Select a protection action.
Alarm—Sends logs when the connection rate exceeds the rate limit. You can view the logs on the IPCAR Logs page.
Packet dropping—Drops packets when the connection rate exceeds the rate limit.
Interfaces
Select interfaces to apply the rate limit.
Per-IP Connection Rate Threshold
Enter a connection rate limit.
Click OK.