Limiting the number of TCP and UDP connections within your network helps protect your business against denial of service (DoS) attacks.
You can set connection limits based on:
- A source IP address (the host initiating the connection)
- A destination IP address (the host the connection is made to)
Kerio Control lets you create exceptions to change the limits or disable limits for specific address groups.
Kerio Control keeps track of the number of connections made from, or to, each active host in the network. It also blocks connections from malicious hosts.
Kerio Control connection limits apply to both IPv4 and IPv6 addresses.
The connection limits are enabled and set to the values shown here by default:
- Limit maximum concurrent connections from 1 source IP address: 600
- Limit new connections per minute from 1 source IP address: 600
- Limit maximum concurrent inbound connections to 1 destination IP address: 1200
- Limit maximum concurrent inbound connections to 1 destination IP address from the same source: 100
After reaching the connection limit, Kerio Control breaks other connections to/from the host and creates an entry in the warning log.
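How the four default limits interact, as an added example that is not Kerio Control's code: a simplified Python model of the counters, run over constructed connection events to report which limit is reached first. The key names, the LimitModel class, the rule that a limit of N admits N connections and refuses the next, and refusing only the new connection are assumptions of this example.

```python
from collections import defaultdict, deque

# Default limits as listed on this page (the key names are this example's own).
DEFAULTS = {
    "src_concurrent": 600,    # concurrent connections from 1 source IP
    "src_new_per_min": 600,   # new connections per minute from 1 source IP
    "dst_concurrent": 1200,   # concurrent inbound connections to 1 destination IP
    "dst_same_src": 100,      # ... to 1 destination IP from the same source
}

class LimitModel:
    """Simplified counters for the four limits; not Kerio Control's own logic."""
    def __init__(self, limits=DEFAULTS):
        self.limits = dict(limits)
        self.src = defaultdict(int)        # source -> open connections
        self.dst = defaultdict(int)        # destination -> open connections
        self.pair = defaultdict(int)       # (source, destination) -> open connections
        self.recent = defaultdict(deque)   # source -> open times within the last 60 s

    def bump(self, src, dst, delta):       # +1 when a connection opens, -1 when it closes
        for table, key in ((self.src, src), (self.dst, dst), (self.pair, (src, dst))):
            table[key] += delta

    def open(self, t, src, dst):
        """Return None if the connection fits, else the name of the limit reached."""
        window = self.recent[src]
        while window and t - window[0] >= 60:   # forget opens older than a minute
            window.popleft()
        counts = {"dst_same_src": self.pair[src, dst], "src_new_per_min": len(window),
                  "src_concurrent": self.src[src], "dst_concurrent": self.dst[dst]}
        for name, count in counts.items():
            if count >= self.limits[name]:      # assumption: limit N admits N, refuses N+1
                return name
        window.append(t)
        self.bump(src, dst, +1)
        return None

def first_refusal(events, limits=DEFAULTS):
    """events: (time_s, 'open'|'close', src, dst). Returns (index, limit) or None."""
    model = LimitModel(limits)
    for i, (t, kind, src, dst) in enumerate(events):
        if kind == "close":
            model.bump(src, dst, -1)
        elif (hit := model.open(t, src, dst)):
            return i, hit
    return None

# Constructed traffic: 13 sources each try to hold 100 connections to one server.
SPREAD = [(i * 0.01, "open", f"203.0.113.{i // 100 + 1}", "192.0.2.10") for i in range(1300)]
```

Passing a modified copy of DEFAULTS to first_refusal shows how a changed value would treat the same traffic before the change is applied in the administration interface.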
Step by step guide:
Changing default values
- In the administration interface, go to Security Settings > Connection Limits.
- Change the limits as needed.
- Click Apply.
To return to the default state, click Reset.