ServerIron ADX Security Guide
53-1002440-03
Transaction Rate Limit (TRL)
<ip_address> — IP address of the TFTP server.
<trl_config_file_name> — File name of the Transaction Rate Limit configuration.
<retry_count> — Number of retries for the download.
Verify that the Transaction Rate Limit configuration file is in the following format.
client-trans-rate-limit tcp trl101
trl 10.2.24.0/24 monitor-interval 50 conn-rate 100 hold-down-time 60
trl 10.2.24.10/32 exclude
NOTE
This is the same format that the show running-configuration command generates.
Configuring the maximum number of rules
By default, a TRL policy can have up to 2500 IPv4 rules and 2500 IPv6 rules. A maximum of
15,000 IPv4 and 15,000 IPv6 rules is supported on a ServerIron ADX across all policies. The
number of rules cannot be raised above the 15,000 maximum, but the limits can be
changed globally or locally per policy.

Changing the maximum number of rules globally

You can change the maximum number of TRL rules globally on a ServerIron ADX for all policies as
shown.
ServerIronADX(config)# client-trans-rate-limit max-ipv4-rules 2000
Syntax: [no] client-trans-rate-limit { max-ipv4-rules | max-ipv6-rules } <rules-count>
The max-ipv4-rules parameter specifies that the rules limit is being set for IPv4 rules.
The max-ipv6-rules parameter specifies that the rules limit is being set for IPv6 rules.
The <rules-count> variable specifies the number of rules that will be supported globally. The
maximum values (also the defaults) are 15,000 for IPv4 and 15,000 for IPv6.

Changing the maximum number of rules locally per-policy

You can change the maximum number of TRL rules for an individual policy on a ServerIron ADX
as shown.
ServerIronADX(config)# client-trans-rate-limit tcp trl1
ServerIronADX(config-client-trl-trl1)# trl max-ipv4-rules 2000
Syntax: [no] trl { max-ipv4-rules | max-ipv6-rules } <rules-count>
The max-ipv4-rules parameter specifies that the rules limit is being set for IPv4 rules for the
specified policy.
The max-ipv6-rules parameter specifies that the rules limit is being set for IPv6 rules for the
specified policy.
The <rules-count> variable specifies the number of rules that will be supported for the specified
policy that this command is being configured under. The default values are: 2500 for IPv4 and
2500 for IPv6. The value for each (IPv4 and IPv6) can be set to any number as long as the global
limits are observed.
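The following check is an added example, not part of the guide or of any Brocade tooling. It parses a TRL configuration file in the format shown above before it is placed on the TFTP server, and reports policies whose rule count or configured limit breaks the per-policy and global limits described in this section. It assumes IPv6 rules use the same "trl <prefix> ..." form as the IPv4 rules shown, and that a total rule count above the global limit is an error; check_trl_config is a hypothetical name.

```python
import ipaddress

GLOBAL_MAX = {4: 15000, 6: 15000}     # ceiling for all policies, per the guide
POLICY_DEFAULT = {4: 2500, 6: 2500}   # per-policy default, per the guide
LIMIT_KEYS = {"max-ipv4-rules": 4, "max-ipv6-rules": 6}

def check_trl_config(text):
    """Return a list of rule-limit problems found in TRL configuration text."""
    global_limit, policies, current, problems = dict(GLOBAL_MAX), {}, None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3:
            continue
        if tok[0] == "client-trans-rate-limit":
            if tok[1] in LIMIT_KEYS:             # global limit line
                global_limit[LIMIT_KEYS[tok[1]]] = int(tok[2])
            else:                                # policy header: <protocol> <name>
                current = policies.setdefault(
                    tok[2], {"limit": dict(POLICY_DEFAULT), "count": {4: 0, 6: 0}})
        elif tok[0] == "trl" and current is not None:
            if tok[1] in LIMIT_KEYS:             # per-policy limit line
                current["limit"][LIMIT_KEYS[tok[1]]] = int(tok[2])
                continue
            try:                                 # rule line: trl <prefix> ...
                ver = ipaddress.ip_network(tok[1], strict=False).version
            except ValueError:
                problems.append(f"line {lineno}: bad prefix {tok[1]!r}")
                continue
            current["count"][ver] += 1
    for ver in (4, 6):
        if global_limit[ver] > GLOBAL_MAX[ver]:
            problems.append(f"global IPv{ver} limit above {GLOBAL_MAX[ver]}")
        for name, pol in policies.items():
            cnt, lim = pol["count"][ver], pol["limit"][ver]
            if lim > global_limit[ver]:
                problems.append(f"{name}: IPv{ver} limit above global limit")
            if cnt > lim:
                problems.append(f"{name}: {cnt} IPv{ver} rules, limit {lim}")
        total = sum(pol["count"][ver] for pol in policies.values())
        if total > global_limit[ver]:
            problems.append(f"{total} IPv{ver} rules, global limit {global_limit[ver]}")
    return problems

# Sample input: the configuration file shown earlier in this section.
SAMPLE = """\
client-trans-rate-limit tcp trl101
 trl 10.2.24.0/24 monitor-interval 50 conn-rate 100 hold-down-time 60
 trl 10.2.24.10/32 exclude
"""
```

An empty list means the file stays within the limits. Any other result lists each policy or line that should be fixed before the download.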