cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mrchrisosburn
New Contributor II

Is there a way to limiting the maximum number of sessions an ACL can have or by Source IP?

Jump to solution

We have been having issues which our mail server is getting SMTP DOS attacked.

Is there a way which i can limit the number of concurrent sessions based off IP or even using an ACL?

I have found documentation on doing this through an ACP but i dont believe this will work.

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Is there a way to limiting the maximum number of sessions an ACL can have or by Source IP?

Jump to solution

:

Thank you for asking this question in the Support Community.  If you are getting DoS attacks, then maybe you can use the ip policy-class <name> max-host-sessions <number> command to alter settings for an access control policy (ACP).  The <number> specifies the maximum number of allowed ACP sessions that can be created from each unique source address. This command is used in conjunction with a named ACP and only applies the limit to that particular ACP.

Let me know if you have any questions on this command or the application.  I will be happy to help in any way I can.

Levi

View solution in original post

2 Replies
Anonymous
Not applicable

Re: Is there a way to limiting the maximum number of sessions an ACL can have or by Source IP?

Jump to solution

:

Thank you for asking this question in the Support Community.  If you are getting DoS attacks, then maybe you can use the ip policy-class <name> max-host-sessions <number> command to alter settings for an access control policy (ACP).  The <number> specifies the maximum number of allowed ACP sessions that can be created from each unique source address. This command is used in conjunction with a named ACP and only applies the limit to that particular ACP.

Let me know if you have any questions on this command or the application.  I will be happy to help in any way I can.

Levi

Re: Is there a way to limiting the maximum number of sessions an ACL can have or by Source IP?

Jump to solution

Thanks Levi,

I did get the command issued without issue. The attacks are random and we will see if this helps the issue.

Thanks again

-Christopher