Shield: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
 
(One intermediate revision by one other user not shown)
Line 4: Line 4:


The shield monitors the session creation rate of the clients creating sessions.
The shield monitors the session creation rate of the clients creating sessions.
Each time a session is processed by Untangle the shield calculates the current session creation rate of the client initiating the session. If the session creation rate of the client reaches a level that the shield considers too aggressive the session creation rate of that client is limited to that level.
Each time a session is processed by NG Firewall the shield calculates the current session creation rate of the client initiating the session. If the session creation rate of the client reaches a level that the shield considers too aggressive the session creation rate of that client is limited to that level.


This process protects the Untangle server and also protects the network from [http://en.wikipedia.org/wiki/Denial-of-service_attack Denial of Service (DOS) attacks].
{{TriScreenshot|config|system|shield}}
 
This process protects the NG Firewall server and also protects the network from [http://en.wikipedia.org/wiki/Denial-of-service_attack Denial of Service (DOS) attacks].


== Enable Shield ==
== Enable Shield ==

Latest revision as of 16:20, 3 May 2022

Shield

The shield monitors the session creation rate of the clients creating sessions. Each time a session is processed by NG Firewall the shield calculates the current session creation rate of the client initiating the session. If the session creation rate of the client reaches a level that the shield considers too aggressive the session creation rate of that client is limited to that level.

This process protects the NG Firewall server and also protects the network from Denial of Service (DOS) attacks.

Enable Shield

If checked, the shield is enabled. If unchecked the shield is disabled. Warning: do not disable the shield. Doing so may cause performance and stability issues. This checkbox is provided to allow for troubleshooting. It is never suggested to leave the shield disabled after any troubleshooting steps.

Note, the shield only looks at new session requests, it does not influence or process traffic of existing sessions. It also does not scan bypassed sessions.

Shield Rules

Shield rules are evaluated at session creation time. The rules documentation describes how rules are processed.

If one of the rules matches, the action from the first matching rules is applied. If no shield rule matches the session is scanned.

If the session is scanned if the current session creation rate is too high, the packet will be dropped. If the current session creation rate is not too high, the current session creation rate is adjusted to account for this new session and the session is allowed.

Reports

The Reports tab provides a view of all reports and events for all traffic handled by Shield.

Reports

This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.

Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.

Pre-defined report queries: {{#section:All_Reports|'Shield'}}

The tables queried to render these reports:



FAQ

Does the Shield limit bandwidth?

No, the Shield only looks at new session requests. After the session is accepted the data of that session is not scanned by the shield. It has no capability to see or process the data of accepted connections.