Solved: Limit Number of Connections from a Source IP

hurricane05 · ‎08-02-2023

We are currently running Cisco FTD 4100 series with 7.0.4 code. Is it possible to limit the number of simultaneous connections made from a particular source IP address going to a destination IP address? For instance, limit Source A to only a max of 10 simultaneous connections to Destination B. Wasn't sure if this is something that would need to be configured via FlexConfig. If so, do you have a sample configuration showing how that is setup?

Thx in advance for any assistance provided.

Rob Ingram · ‎08-02-2023

@hurricane05 I've not personally configured this but you can configure service policies to set Per Client—Limits for the number of connections allowed for a given client (source IP address).

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/threat_defense_service_policies.html#id_71062

View solution in original post

Rob Ingram · ‎08-02-2023

@hurricane05 I've not personally configured this but you can configure service policies to set Per Client—Limits for the number of connections allowed for a given client (source IP address).

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/threat_defense_service_policies.html#id_71062

hurricane05 · ‎08-03-2023

Hi Rob,
Thx for the quick response. Looks like that's the option that will work.