Stormshield SN series Configuration Manual page 129


Gateway – router
This option is useful for specifying a particular router to which traffic matching the rule will be directed. The selected gateway may be a host or router object.

IMPORTANT
If routers are specified in filter rules (Policy Based Routing), the availability of these routers will be tested systematically by sending ICMP echo request messages. When a router that has been detected as unreachable is a host object, the default gateway entered in the Routing module will be selected automatically. If it is a router object, the action taken will depend on the value selected for the field "If no gateways are available" during the definition of this object (see the chapter Network objects).
For more technical information, refer to the technical support's Knowledge Base (article "How does the PBR hostcheck work?").

Click on Ok to confirm your configuration.

"Quality of service" tab
The QoS module, integrated into Stormshield Network's intrusion prevention engine, is associated with the Filtering module in order to provide Quality of Service features.
When a packet arrives on an interface, it is first processed by a filter rule; the intrusion prevention engine then assigns the packet to the right queue according to the configuration of the filter rule's QoS field.

QoS

Queue
This field offers a choice among the queues that you have defined earlier in the Quality of service module, in the Security policy menu.

Fairness
No fairness: If you select this option, no particular amount of bandwidth will be assigned and each user/host/connection will use bandwidth according to its needs.
User fairness: bandwidth will be distributed evenly between users.
Host fairness: bandwidth will be distributed evenly between hosts.
Connection fairness: bandwidth will be distributed evenly between connections.

Connection threshold
The Stormshield Network firewall may limit the maximum number of connections accepted per second for a filter rule. The desired number can be defined for the protocols corresponding to the rule (TCP, UDP, ICMP and some application requests). This option also allows you to prevent denial-of-service attempts by limiting the number of requests per second addressed to your servers.
Once this threshold has been exceeded, received packets will be blocked and ignored.

WARNING
The restriction only applies to the corresponding rule.
Example: If you create an FTP rule, only a TCP restriction will be taken into account.

Page 129/448
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
FILTERING AND NAT
