
Performance Optimization of Juniper SSG20 Firewall

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

With no restrictions in place, the number of sessions on the firewall climbs to nearly 2000 and the firewall then starts dropping packets, even though the session capacity is known to be 8064. The firewall therefore needs to be optimized without increasing cost.

Consult the command-line documentation and optimize the flow settings first.

early ageout setting:

high watermark = 19 (1532 sessions)

low watermark = 12 (967 sessions)

early ageout = 2

Because only 1600 NAT sessions are available, once the session count reaches the high watermark of 1532 the firewall automatically starts tearing down old sessions to release them.

flow initial session timeout: 20 seconds

Next, optimize the service timeouts:

Name      Proto  Port       Group         Timeout(min)  Flag
HTTP      6      80         info seeking  1*            Pre-defined
HTTP-EXT  6      8000/8001  info seeking  1*            Pre-defined
HTTPS     6      443        security      1             Pre-defined
TCP-ANY   6      0/65535    other         1             Pre-defined
UDP-ANY   17     0/65535    other         1*            Pre-defined

The last step is to directly limit the number of sessions from a single IP:

Source IP Based Session Limit

The principle is to keep the number of NAT sessions below 1600, so that pinging a website no longer drops packets. The number of sessions per source IP is limited to 180.
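The three tuning steps above written as ScreenOS CLI commands, as an added example that is not from the original article. The zone name Trust is an assumption (the article does not say which zone the limit was applied to), lines starting with # are annotations to leave out when entering the commands, and the 20-second initial session timeout is left at the value shown above.

```screenos
# Aggressive aging: watermarks are percentages of session capacity
# (19% and 12% of 8064 give the 1532 and 967 sessions shown above)
set flow aging high-watermark 19
set flow aging low-watermark 12
set flow aging early-ageout 2
# Service timeouts from the table above, all set to 1
set service "HTTP" timeout 1
set service "HTTP-EXT" timeout 1
set service "HTTPS" timeout 1
set service "TCP-ANY" timeout 1
set service "UDP-ANY" timeout 1
# Per-source-IP session limit; the zone "Trust" is assumed, not stated in the article
set zone "Trust" screen limit-session source-ip-based 180
save
```

A high watermark of 19 is the largest whole percentage of 8064 that stays under the 1600 NAT sessions available; 20 would be 1612 sessions.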
