Chapter 5 Events: Logs, Traffic Streams, Reports

Rate Limited Streams

When traffic triggers an IPS filter configured with a Rate Limit action set, traffic from the source IP and port is limited based on the rate limit settings in the action set. Traffic from the source IP address and port to the destination IP address and port remains rate-limited until the connection timeout period expires, or until the connection is manually terminated from the LSM.

The following figure shows the Rate Limited Streams page.

Figure 5–2: Rate Limited Streams Page

From the Rate Limited Streams page, you can:

View and search for information on rate-limited streams

Manually terminate all or selected rate-limited stream connections

For details on performing these tasks, see “Search rate-limited streams” on page 113 and “Flush rate- limited streams” on page 113.

The Rate Limited Streams table displays up to 50 entries. Entries are added when the rate-limit event occurs. Entries are automatically removed when the connection times out based on the Connection Table timeout setting configured from the IPS Preferences page (IPS > IPS Preferences). The default timeout setting is 1800 seconds (30 minutes). You can manually remove an entry by terminating the connection using the Flush functions.

For each rate-limited stream, the Rate Limited Streams table provides the following information:

Table 5–10: Rate Limited Streams Table

Column

Definition

 

 

 

 

Protocol

Protocol used by the blocked connection

 

 

Src/Dest Address

Source or destination IP address of the connection

 

 

Port

Port of the connection

 

 

Src/Dest Address

Source or destination IP address of the connection

 

 

Port

Port of the connection

 

 

112X Family LSM User’s Guide V 2.5.1