Quantcast
Channel: All ScreenOS Firewalls (NOT SRX) posts
Viewing all articles
Browse latest Browse all 2577

Re: About KB9950 / Source IP Based Session Limit

$
0
0

I think that's because your DNS trafic isn't actually filtered by this rule. In fact, because clients open sessions to the server when they make DNS request, the trafic from the server is implicitly autorised thanks to the stateful filtering.

 

So I guess the "get session..." command just apply filtering criteria of the rule to his global session table and don't really show sessions that had actually been filtered by the rule.

 

I also search a solution to exclude DNS trafic from Src/Dst session limit but I didn't find anyone...


Viewing all articles
Browse latest Browse all 2577

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>