ServerIron ADX Security Guide 15
53-1002440-03
Transaction Rate Limit (TRL) 1
ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-1/1)# ip tcp trans-rate 80
where <ports> sets one or more TCP or U DP ports to monito r. With TRL, the Serve rIron can monitor
up to 4 specific ports. The ServerIron can also monitor traffic to all the ports by configuring the
default port.
TRL plus security ACL-ID
Even though TRL is applied to an interface and effects all traffic received on this interface, with the
security acl-id <acl-num> command TRL can be applied only to specific traffic coming in on that
interface.Refer to “security acl-id” on page 15.
security acl-id
The security global command accepts acl-id <acl-num> as a parameter.
Syntax: [no] security acl-id <id>
Example
ServerIronADX(config)# security acl-id 4
Once security acl-id <acl-num> is configured, only packets matching the configured ACL will be
subject to the L4 security rules configured on the system. (Specifically, TRL and manual hold down
will take effect only for packets matching this configured ACL). If you want specific traffic to bypass
the L4 security features, then do not include those IP addresses in the access list.
NOTE
The security acl-id takes precedence over all TRL configuration.
Transaction rate limit hold-down value
if you configure "hold down 0," the incoming request is not held down. Instead it generates a log.
Displaying TRL rules statistics
You can display statistics for TRL rules as shown.
Syntax: show client-trl rules-stat
Displaying TRL rules in a policy
You can display TRL rules in a policy as shown.
ServerIronADX#show client-trl rules-stat
Policy-Name default-rule ipv4-rules-alloted ipv4-rules-added ipv6-rules-alloted ipv6-rules-added
trl1 0 2500 0 2500 0
trl2 0 2500 0 2500 0
trl3 0 2500 0 2500 0
Global ipv4 rule num: 2500, total-alloted-ipv4-rules: 7500
Global ipv6 rule num: 2500, total-alloted-ipv6-rules: 7500