I want to configure rate limiting rules as described here:
https://supportcenter.checkpoint.com...ionid=sk112454
and I'm trying to figure out if the rate limit can be enforced per source IP (i.e. to define a limit per source IP and drop connections violating the limit, but without specifying a particular IP).
For example, if I add the rule below:
fw samp add -a d quota flush true destination range:xx.xx.xx.xx service any new-conn-rate 500 track source
If there are more than 500 connections per second from the same source IP, and at the same time there are some connections from another source IP, will all connections be blocked, or only those from the source violating the limit?
As I understand it, the primary purpose of this is to defend against a DoS attack, so if there is no way to enforce this per source IP I don't really see the point (i.e. the destination service will still be unreachable).
Thanks,
Dave
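To make the two behaviours the question distinguishes concrete, here is an added Python model (not Check Point code, and not a statement of how fw samp actually behaves) of a new-connections-per-second limit applied either as one aggregate quota or as a quota keyed by source IP. The class and function names, the traffic mix, and the addresses 10.0.0.1 and 10.0.0.2 are all constructed for the illustration.

```python
from collections import defaultdict, deque


class NewConnRateLimiter:
    """Sliding one-second window on accepted new connections.

    track_source=True  -> a separate window per source IP (per-source quota)
    track_source=False -> a single shared window (aggregate quota)
    Constructed model; the real fw samp semantics are what the post asks about.
    """

    def __init__(self, new_conn_rate, track_source):
        self.rate = new_conn_rate
        self.track_source = track_source
        # key -> timestamps of connections accepted inside the current window
        self.windows = defaultdict(deque)

    def _key(self, src):
        return src if self.track_source else "*"

    def accept(self, ts, src):
        """Return True if the new connection at time ts is allowed."""
        q = self.windows[self._key(src)]
        while q and ts - q[0] >= 1.0:  # drop timestamps older than 1 s
            q.popleft()
        if len(q) >= self.rate:
            return False  # quota exceeded: connection is dropped
        q.append(ts)
        return True


def replay(events, new_conn_rate, track_source):
    """Feed (timestamp, src_ip) events through the limiter; return drops per source."""
    limiter = NewConnRateLimiter(new_conn_rate, track_source)
    dropped = defaultdict(int)
    for ts, src in events:
        if not limiter.accept(ts, src):
            dropped[src] += 1
    return dict(dropped)


def sample_events():
    # Constructed traffic: 600 new connections from 10.0.0.1 during t=0.000..0.599 s
    # (well over the 500/s limit) plus 10 from 10.0.0.2 during t=0.50..0.59 s.
    events = [(i / 1000.0, "10.0.0.1") for i in range(600)]
    events += [(0.5 + i / 100.0, "10.0.0.2") for i in range(10)]
    return sorted(events)


if __name__ == "__main__":
    print("per-source:", replay(sample_events(), 500, track_source=True))
    print("aggregate: ", replay(sample_events(), 500, track_source=False))
```

With a per-source quota only the offending source loses its excess 100 connections; with an aggregate quota the shared window fills at t=0.5 s and the second source's 10 connections are dropped too, which is exactly the outcome the question worries about.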