Fortinet 491 FortiWeb 5.0 Patch 6 Administration Guide
Persistent Server Sessions
Type the maximum number of concurrent TCP connections that will
be maintained by this policy to back-end servers.

The maximum number of HTTP sessions established with each server
depends on this field, and whether you have selected a single web
server or a Server Farm and Load Balancing Algorithm.

For example, if you set the value of Persistent Server Sessions to
10,000 and there are 4 web servers in a server farm that uses Round
Robin-style load-balancing, up to 10,000 client connections would be
accepted, resulting in up to 2,500 HTTP sessions evenly distributed
to each of the 4 web servers.

The default value varies. Each model of FortiWeb appliance has a
maximum allowed number of persistent sessions. The Edit Policy
dialog lists the minimum and maximum for your FortiWeb model next
to this field. For specifications, see “Appendix B: Maximum
configuration values” on page 669.

Tip: You can configure logging and/or alert email to notify you when
the appliance approaches its maximum. See the logging option
Persistent Server Session.

Blocking Port
Select which network interface will be used to send TCP RST
(connection reset) packets in order to attempt to block the
request/connection when policy-violating traffic is detected. For
details on blocking behavior, see “Topology for offline protection
mode” on page 67.

This option appears only if the FortiWeb appliance is operating in
offline protection mode.

Syn Cookie
Enable to prevent TCP SYN floods. Also configure Half Open
Threshold.

Note: This option is applicable only if the appliance is operating in
true transparent proxy mode. (Other modes use DoS protection
profiles instead. See “Preventing a TCP SYN flood” on page 354.)

Half Open Threshold
Type the TCP SYN cookie threshold in packets per second. Also
configure Syn Cookie.

Note: This option is applicable only if the appliance is operating in
true transparent proxy mode. (Other modes use DoS protection
profiles instead. See “Preventing a TCP SYN flood” on page 354.)
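
Added illustration, not part of the Fortinet guide and not FortiWeb's implementation: a simplified model of what the Syn Cookie and Half Open Threshold settings describe, in which a per-second SYN counter switches from keeping half-open state to answering with stateless SYN cookies once the threshold is exceeded. The cookie layout, the MSS table, the flow tuple, all names, and the exact point at which the threshold triggers are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Illustrative MSS table (constructed); the index must fit in 3 bits.
MSS_TABLE = [216, 536, 1024, 1300, 1360, 1440, 1452, 1460]

def _mac24(secret, flow, counter, idx):
    """24-bit keyed hash over the 4-tuple, the time counter and the MSS index."""
    msg = "|".join(map(str, flow)).encode() + struct.pack("!IB", counter, idx)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]

def make_cookie(secret, flow, counter, mss):
    """Server ISN for the SYN-ACK: 5 bits counter, 3 bits MSS index, 24 bits MAC."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(secret, flow, counter, idx), "big")
    return ((counter % 32) << 27) | (idx << 24) | mac

def check_cookie(secret, flow, now_counter, ack):
    """Return the MSS encoded in a valid, fresh cookie carried by the final ACK, else None."""
    cookie = (ack - 1) & 0xFFFFFFFF
    idx = (cookie >> 24) & 0x7
    for counter in (now_counter, now_counter - 1):  # current and previous time slot
        if counter >= 0 and cookie >> 27 == counter % 32:
            want = _mac24(secret, flow, counter, idx)
            if hmac.compare_digest(want, (cookie & 0xFFFFFF).to_bytes(3, "big")):
                return MSS_TABLE[idx]
    return None

class SynGate:
    """Counts SYNs per one-second window against a packets-per-second threshold."""
    def __init__(self, half_open_threshold):
        self.threshold = half_open_threshold
        self.window, self.count = None, 0

    def on_syn(self, now):
        """Return 'stateful' up to the threshold, 'cookie' once it is exceeded."""
        second = int(now)
        if second != self.window:
            self.window, self.count = second, 0
        self.count += 1
        return "cookie" if self.count > self.threshold else "stateful"
```

In cookie mode the server stores nothing per SYN: the connection is only created when a final ACK passes check_cookie, so spoofed SYNs that never complete the handshake consume no session table entries.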

HTTP Service
Select the custom or predefined service that defines the TCP port
number where the virtual server or bridge receives HTTP traffic.

This option does not apply to either of the transparent modes.

Physical Server Port (under HTTP Service)
Type the TCP port number where the physical/domain server listens
for HTTP web or web services connections. The valid range is from 0
to 65,535.

This option appears only if Deployment Mode is Single Server.
Setting name Description