Shield

From UntangleWiki
Jump to: navigation, search

Shield

The shield monitors the session creation rate of the clients creating sessions. Each time a session is processed by Untangle the shield calculates the current session creation rate of the client initiating the session. If the session creation rate of the client reaches a level that the shield considers too aggressive the session creation rate of that client is limited to that level.

This process protects the Untangle server and also protects the network from Denial of Service (DOS) attacks.

Enable Shield

If checked, the shield is enabled. If unchecked the shield is disabled. Warning: do not disable the shield. Doing so may cause performance and stability issues. This checkbox is provided to allow for troubleshooting. It is never suggested to leave the shield disabled after any troubleshooting steps.

Note, the shield only looks at new session requests, it does not influence or process traffic of existing sessions. It also does not scan bypassed sessions.

Shield Rules

Shield rules are evaluated at session creation time. The rules documentation describes how rules are processed.

If one of the rules matches, the action from the first matching rules is applied. If no shield rule matches the session is scanned.

If the session is scanned if the current session creation rate is too high, the packet will be dropped. If the current session creation rate is not too high, the current session creation rate is adjusted to account for this new session and the session is allowed.

Reports

The Reports tab provides a view of all reports and events for all traffic handled by Shield.

Reports

This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.

Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.

Pre-defined report queries:

Report Entry Description
Scanned Sessions The amount of scanned and blocked sessions over time.
Blocked Sessions The amount of blocked sessions over time.
Top Blocked Ports The number of blocked sessions grouped by server port.
Top Blocked Clients The number of blocked sessions grouped by client.
Top Blocked Hostnames The number of blocked sessions grouped by hostname.
Top Blocked Usernames The number of blocked sessions grouped by username.
Scanned Session Events All sessions scanned by Shield.
Blocked Session Events All sessions blocked by Shield.


The tables queried to render these reports:



FAQ

Does the Shield limit bandwidth?

No, the Shield only looks at new session requests. After the session is accepted the data of that session is not scanned by the shield. It has no capability to see or process the data of accepted connections.