Tranzeo Wireless Technologies Inc GNVPZ1NT3 User Manual
Chapter 15: Controlling Access to the EnRoute500
TR0153 Rev. E1
116
15.4 Connection Tracking
The firewall keeps track of existing TCP connections. It is advisable to enable connection
tracking for public networks that can have large numbers of users. In particular, it is important
to enable connection tracking if your network is heavily loaded or if it has users running file
sharing applications. A number of parameters are available for tuning how connection tracking
is handled.
15.4.1 Limiting Number of TCP Connections Per Client Device
The number of TCP connections allowed per client device can be limited. For most use cases,
setting the connection limit to 30 is sufficient.
Users running file sharing applications may have difficulties establishing connections
when TCP connection limiting is enabled since the file sharing application may be
consuming the maximum number of TCP connections allowed.
CLI
The ‘conntrack.connlimit.enable’ parameter in the ‘firewall’ interface is used to set the state of
TCP connection limiting. The ‘conntrack.connlimit.connections’ parameter is used to set the
maximum number of connections allowed per client device.
> use firewall
firewall> set conntrack.connlimit.enable=yes
firewall> set conntrack.connlimit.connections=30
Web GUI
The TCP connection limit-related settings are set on the “Connections” sub-tab on the
“Firewall” tab of the “Security” page (see Figure 49). The “Conntrack Limiting” drop-down box
sets the state of TCP connection limiting and the “Conntrack Connection Limits” sets the
maximum number of TCP connections allowed per client device.
15.4.2 Connection Tracking Table Size
The size of the connection tracking table can be set. This sets the maximum aggregate number of
connections that can be supported for all users on all mesh devices in the mesh neighborhood
the gateway is servicing. Allowed values are in the range from 4096 to 16384. A larger
connection tracking table allows more connections to be maintained without dropping older
connections. Typically, the default size of 8192 is adequate for normal operation and the
setting should only be increased on gateway devices with high levels of traffic since they need
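The two controls described in 15.4.1 and 15.4.2 can be pictured with a small model. The Python below is an added illustration written for this section; it is not Tranzeo firmware or EnRoute500 CLI code. The class name, the eviction policy (oldest tracked entry dropped when the table is full), the event format and the client addresses are constructed assumptions; the numbers come from the manual: a per-client limit of 30, and a table size between 4096 and 16384 with a default of 8192.

```python
"""Toy model of two connection-tracking controls on a gateway firewall.
Constructed example for this manual section; not the EnRoute500 implementation."""
from collections import OrderedDict, defaultdict

# Table size range and default as stated in section 15.4.2.
TABLE_SIZE_MIN, TABLE_SIZE_MAX, TABLE_SIZE_DEFAULT = 4096, 16384, 8192


class ConntrackModel:
    """Models conntrack.connlimit.* (per-client limit) and the table size.

    Assumption: when the table is full, the oldest entry is evicted to make
    room (the "dropping older connections" the manual refers to).
    """

    def __init__(self, table_size=TABLE_SIZE_DEFAULT, connlimit_enable=True,
                 connlimit_connections=30):
        if not TABLE_SIZE_MIN <= table_size <= TABLE_SIZE_MAX:
            raise ValueError(f"table size must be {TABLE_SIZE_MIN}..{TABLE_SIZE_MAX}")
        self.table_size = table_size
        self.connlimit_enable = connlimit_enable
        self.connlimit_connections = connlimit_connections
        self.entries = OrderedDict()        # (client, sport, dst, dport) -> client
        self.per_client = defaultdict(int)  # client -> number of tracked connections
        self.stats = {"accepted": 0, "rejected_connlimit": 0, "evicted_oldest": 0}

    def new_connection(self, client, sport, dst, dport):
        """Process a new TCP connection attempt; returns the decision taken."""
        key = (client, sport, dst, dport)
        if key in self.entries:
            return "tracked"                # already known, nothing changes
        if self.connlimit_enable and self.per_client[client] >= self.connlimit_connections:
            self.stats["rejected_connlimit"] += 1
            return "rejected"               # client is at its connection limit
        if len(self.entries) >= self.table_size:
            _, old_client = self.entries.popitem(last=False)  # drop oldest entry
            self.per_client[old_client] -= 1
            self.stats["evicted_oldest"] += 1
        self.entries[key] = client
        self.per_client[client] += 1
        self.stats["accepted"] += 1
        return "accepted"

    def close_connection(self, client, sport, dst, dport):
        """Remove a finished connection so the client's slot is freed."""
        key = (client, sport, dst, dport)
        if self.entries.pop(key, None) is not None:
            self.per_client[client] -= 1


def simulate_connlimit(limit=30, filesharing_connections=45):
    """A file-sharing client (constructed address 10.0.0.5) opens many
    connections while an ordinary client (10.0.0.6) opens five.
    Returns (file-sharing accepted, file-sharing rejected, ordinary accepted)."""
    fw = ConntrackModel(connlimit_connections=limit)
    fs_results = [fw.new_connection("10.0.0.5", 40000 + i, "203.0.113.9", 6881)
                  for i in range(filesharing_connections)]
    normal_results = [fw.new_connection("10.0.0.6", 50000 + i, "198.51.100.20", 443)
                      for i in range(5)]
    return (fs_results.count("accepted"), fs_results.count("rejected"),
            normal_results.count("accepted"))


def simulate_table_pressure(table_size=TABLE_SIZE_MIN, clients=200, per_client=21):
    """Many clients, each under the per-client limit, together overflow the
    smallest allowed table. Returns (accepted, evicted, entries still tracked)."""
    fw = ConntrackModel(table_size=table_size)
    for c in range(clients):
        client = f"10.0.{c // 256}.{c % 256}"   # constructed client addresses
        for i in range(per_client):
            fw.new_connection(client, 30000 + i, "198.51.100.20", 80)
    return fw.stats["accepted"], fw.stats["evicted_oldest"], len(fw.entries)


if __name__ == "__main__":
    print("per-client limit:", simulate_connlimit())          # (30, 15, 5)
    print("table pressure:  ", simulate_table_pressure())     # (4200, 104, 4096)
```

The first simulation reproduces the situation in the note under 15.4.1: once the file-sharing client holds 30 tracked connections, its further attempts are refused, while the ordinary client is unaffected. The second shows 200 clients, each well under the per-client limit, jointly filling a 4096-entry table so that older entries are dropped; that is the case where the manual suggests a larger table on gateways carrying high levels of traffic.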