rate limiting?

[Jahk Nah Rai]

Hi I am running Checkpoint Firewall-1 NG Smalloffice FP3. I am looking for a way to limit the number of connections coming from a certain IP to just one at a time. Is there any feature in Checkpoint that can perhaps check the existing state table and block all other connections if one already exists?
Thanks

[Sergej]

There is "Network Quota" SmartDefence feature in the newest versions of Checkpoint. You can limit the number of concurrent sessions per second. Use object with exception to describe all other hosts (exclude them)

Last Update: 01-February-2005
References: CAN-2002-0957 CAN-2002-0629
Supported from Version: NG R54
Severity: High
Description:
Network Quota enforces a limit upon the number of connections that are allowed from the same source IP, to protect against Denial Of Service attacks.

When a certain source exceeds the number of allowed connections, Network Quota can either block all new connection attempts from that source or track the event.