On 16 Oct 2002 at 17:00, Stephen Gill boldly uttered: > In V4.0 the syntax has changed somewhat for the aforementioned command, > though the concept still applies... > > set zone <zone> screen limit-session source-ip-based <threshold> > > I've requested something like > > set zone <zone> screen limit-session dest-ip-based <threshold> > > but I've not seen it in code yet. If I'm not mistaken I believe CP has > added the ability to do both recently. > > -- steve OK, but the nice thing about the source-based rule is it's not very likely to drop legitimate traffic (unless you misconfigure it without any sense of your normal traffic profile), whereas a destination- based rule could easily cause that problem, particularly for public servers. On a slightly off-topic note - do you find ScreenOS stable? I avoided it for stability reasons at a newly-deployed site but it would have been convenient to start off with it because when the time comes to upgrade it looks like I'll have to re-architect lots of the rules to adapt to its new syntax. -- Philip J. Koenig pjklistat_private Electric Kahuna Systems -- Computers & Communications for the New Millenium _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 18:11:19 PDT