No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

FAQ-IP-CAR what key event need we notice when we have configured

Publication Date:  2012-10-15  |   Views:  115  |   Downloads:  0  |   Author:  SU1000722575  |   Document ID:  EKB1000017208

Contents

Issue Description

Q:
The low-mid firewall product IP-CAR configuration difference

Alarm Information

None.

Handling Process

A:
IP_CAR current limiting inzone and outzone relative to area, the direction from the area where the user in is called outzone, the opposite is called inzone, as the following picture to display:
 
Outzone is based on the source area, it expresses to establish monitoring list based on the source address and progress current limiting for these IP based on the IPCAR setting size. Inzone is based on the destination area,it expresses to establish monitoring list based on the destination address and progress current limiting for these IP based on the IPCAR setting size. Then current limiting based on the IPCAR of USG2100、USG3000 is two-ways,it cannot limit to the same rate for upstream and downstream traffic. The current limiting based on IPCAR of USG5300 has the direction,it can limit different rate by itself for upstream and downstream. For exmaple: USG3000 firewall can limit upstream traffic of PC to 512K,it can limit to 512 k for upstream and downstream by configuring outzone direction of IPCAR in the trust area. But USG5300 firewall can limit to different rate for upstream and downstream, it can control the upstream traffic of PC in 512k strictly.
Ip-stat is used to remove,the rule which is match the ACL deny doesn’t current limiting.

Root Cause

None.

Suggestions

None.