Connection-rate filtering - virus throttle

Brad_199 · ‎01-07-2014

Has anyone used connection-rate filtering based on virus throttle?

Do you have any advice or suggestions about it?

Neil_Salmon · ‎01-27-2014

Yes, it works well, however:-

1. Plan which devices (interfaces) you want to throttle - probably not your DHCP, DNS or AD servers.

2. Start with the settings lowto you get a feel for the number of issues on your network or you will be overwhelmed with false-positives and lots of unhappy users.

Richard Litchfield · ‎03-21-2014

Sometimes it gives a false positive. Torrent servers are the example I recall that were incorrectly flagged. Put it in notify mode initially, and check the logs:
I 03/13/14 03:01:03 00806 connfilt: Src IP 172.20.100.107 unblocked
W 03/13/14 02:59:57 00695 connfilt: Src IP 172.20.100.107 throttled, port B20
I 03/09/14 08:54:47 00806 connfilt: Src IP 172.20.100.106 unblocked
W 03/09/14 08:53:44 00695 connfilt: Src IP 172.20.100.106 throttled, port B7

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Connection-rate filtering - virus throttle

Connection-rate filtering - virus throttle

Re: Connection-rate filtering - virus throttle

Re: Connection-rate filtering - virus throttle