
Welcome to ISAserver.org


TCP Connections per minute exceeded time period

TCP Connections per minute exceeded time period - 24.Oct.2011 6:34:21 PM   
steve6341

 

I am trying to figure out how to adjust the lockout time for IPs when they have exceeded the number of allowed connections. The specific message you would see in TMG when this happens is:
quote:

The number of TCP connections per minute from the source IP address xxx.xxx.xxx.xxx exceeded the configured limit. Forefront TMG will not allow the creation of new TCP connections from this source IP address during a system-defined time period. By default, this time period is 1 min.
I would like to increase the time period from 1 minute to something else. I have seen this question addressed in ISA 2006 but have not found a clear answer. I'm sure this has been answered somewhere but I can't seem to find it. Thanks.
Post #: 1
RE: TCP Connections per minute exceeded time period - 25.Oct.2011 8:56:00 AM   
dvizzle

 

Default is 600 per minute.

You can change the number per minute.

I change HTTP along with TCP.

Go to your Intrusion Prevention System, click "Configure Flood Mitigation Settings"

Edit Maximum TCP connect requests and HTTP.

Default is 600. Try bumping it up. (800-1000)

You can also make IP exceptions, if there are certain addresses within your company that you do not want to fall under the flood settings.

In my environment, I have all of my load balancers, and monitoring systems listed here.

(in reply to steve6341)
Post #: 2
RE: TCP Connections per minute exceeded time period - 25.Oct.2011 10:05:55 AM   
steve6341

 

I realize that I can control the number of connections an IP makes before it is blocked. But I want to change the amount of time that IP is blocked after they exceed their allowed connections. Right now they are blocked for 1 minute. I would like to block these connections for a longer period of time after they have exceeded their maximum number of connections. There does not appear to be a way in the UI (that I have found). I was hoping there was a registry fix for this. When an IP is blocked the wording of the error message implies that the time period is adjustable but "by default, this time period is 1 min."

(in reply to steve6341)
Post #: 3
