Cisco Cisco Packet Data Gateway (PDG)
• udp: Enables UDP uplink flooding protection.
all: Enables protection for all the servers.
host-pool hostpool_name: Specifies the name of the host pool. hostpool_name must be an alphanumeric string
of 1 through 63 characters.
of 1 through 63 characters.
packet limit packet_limit
Specifies the maximum number of packets allowed during a sampling interval.
packet_limit must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.
inactivity-timeout inactivity_timeout
Specifies the inactivity timeout period, in seconds. This allows flooding traffic if the destination is inactive
for more than the configured period.
for more than the configured period.
inactivity_timeout must be an integer from 1 through 4294967295.
Default: 300 seconds
uplink-sample-interval interval
Specifies the uplink sampling interval, in seconds. The maximum sampling-interval configurable is 60 seconds.
interval must be an integer from 1 through 60.
Default: 1 second
Usage Guidelines
Use this command to enable Stateful Firewall protection from different types of DoS attacks for all servers
or for those servers mentioned in the host pool. This allows users to safeguard their own servers and other
hosts.
or for those servers mentioned in the host pool. This allows users to safeguard their own servers and other
hosts.
DoS attacks are also detected in the downlink direction. The firewall dos-protection command must be
configured in the FW-and-NAT Policy Configuration mode.
configured in the FW-and-NAT Policy Configuration mode.
Examples
The following command enables ICMP uplink protection for all servers with packet limit set to 10:
firewall dos-protection flooding icmp protect-servers all packet limit 10
firewall dos-protection flooding icmp protect-servers all packet limit 10
Command Line Interface Reference, Modes A - B, StarOS Release 19
395
ACS Configuration Mode Commands
firewall dos-protection flooding