Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
IPS, QoS, and Connection Rules Page
Table 56-3 Insert/Edit Service Policy (MPC) Rule Wizard—Step 3. Configure the actions.

Element Description

Maximum Connections

You can specify the maximum number of TCP and UDP connections, and the maximum number of embryonic connections for this traffic flow:

Maximum TCP & UDP Connections – Specify the maximum number of simultaneous TCP and UDP connections for the entire subnet, up to 65,535, for ASA versions earlier than 8.4(5); for ASA 8.4(5) and later, the maximum number is 2,000,000. The default is zero for both protocols, which means the maximum possible connections are allowed.

Maximum TCP & UDP Connections Per Client – For ASA/PIX 7.1+ only; specify the maximum number of simultaneous TCP and UDP connections on a per client basis. For ASA 8.4(5) and later, the maximum number is 2,000,000.

Maximum Embryonic Connections – For ASA/PIX 7.0+ only; specify the maximum number of embryonic connections per host, up to 65,535, for ASA versions earlier than 8.4(5); for ASA 8.4(5) and later, the maximum number is 2,000,000. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. This limit enables the TCP Intercept feature. The default is zero, which means the maximum possible embryonic connections are allowed. TCP Intercept protects inside systems from a DoS attack perpetrated by flooding an interface with TCP SYN packets. When the embryonic limit has been surpassed, the TCP Intercept feature intercepts TCP SYN packets from clients to servers on a higher security level. SYN cookies are used during the validation process and help minimize the amount of valid traffic being dropped. Thus, connection attempts from unreachable hosts will never reach the server. This feature is not applicable if TCP State Bypass is enabled.

Maximum Embryonic Connections Per Client – For ASA/PIX 7.1+ only; specify the maximum number of embryonic connections on a per client basis. For ASA 8.4(5) and later, the maximum number is 2,000,000. This feature is not applicable if TCP State Bypass is enabled.
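
The version-dependent ranges and applicability notes above can be checked before a rule is deployed. The following Python sketch is an added example, not part of the Cisco guide or of Security Manager; the field names in `limits` are hypothetical, and applying the 65,535 ceiling to the per-client fields on versions earlier than 8.4(5) is an assumption, since the table states it only for the subnet-wide and embryonic fields.

```python
import re

HIGH_LIMIT = 2_000_000   # ASA 8.4(5) and later, per the table
LOW_LIMIT = 65_535       # earlier versions (assumed for per-client fields too)

def parse_version(text):
    """Turn '8.4(5)' or '7.1' into a comparable tuple such as (8, 4, 5)."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple((nums + [0, 0, 0])[:3])

def check_limits(version, limits, tcp_state_bypass=False):
    """Return a list of problems for a proposed set of connection limits.

    `limits` keys (hypothetical names for the four table fields):
    max_conns, max_conns_per_client, max_embryonic, max_embryonic_per_client.
    A missing key or a value of 0 means "no limit", as in the table.
    """
    ver = parse_version(version)
    ceiling = HIGH_LIMIT if ver >= (8, 4, 5) else LOW_LIMIT
    problems = []
    for field, value in limits.items():
        if not 0 <= value <= ceiling:
            problems.append(f"{field}={value} is outside 0..{ceiling} for {version}")
        if "per_client" in field and value and ver < (7, 1, 0):
            problems.append(f"{field} needs ASA/PIX 7.1 or later")
        if "embryonic" in field and value and ver < (7, 0, 0):
            problems.append(f"{field} needs ASA/PIX 7.0 or later")
        if "embryonic" in field and value and tcp_state_bypass:
            problems.append(f"{field} is not applicable with TCP State Bypass")
    # The embryonic limit is what enables TCP Intercept; zero leaves it off.
    if not limits.get("max_embryonic") and not limits.get("max_embryonic_per_client"):
        problems.append("no embryonic limit set: TCP Intercept is not enabled")
    return problems

if __name__ == "__main__":
    # Constructed sample rule for illustration.
    rule = {"max_conns": 100_000, "max_embryonic": 500}
    for ver in ("8.2(1)", "9.1(2)"):
        print(ver, check_limits(ver, rule) or "ok")
```

The same rule is rejected for 8.2(1), where 100,000 exceeds the 65,535 ceiling, and accepted for 9.1(2).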