User's Manual

UTT Technologies Chapter 12 Security

http://www.uttglobal.com Page 347

1. When using NAT session limit function, the Device will search the Session Limit List

to find out if there is a rule that matches a LAN host. It will check the host¶s IP address

against each rule in the order in which the rules are listed. After a match is found, no

further rules will be checked. Note that the rules are listed in reverse chronological

order of creation, the later the rule is created, and the upper the rule is listed.

2. The start IP address should be less than or equal to the end IP address. The address

ranges of different NAT session limit rules can overlap.

3. If some applications (such as online games) performance is degraded due to the

maximum NAT sessions limit, you can increase the Max. Sessions and Max. TCP

sessions (or Max. UDP sessions) properly. Note that if they are too large, it will

lower or lose the Device¶s ability to prevent DDoS attacks.

4. In most cases, to ensure that the LAN users surf the Internet normally, the maximum

NAT sessions cannot be too small. It is suggested that both the Max. Sessions and

Max. TCP sessions should be larger than or equal to 100, the Max. UDP sessions

should be larger than or equal to 50, and Max. ICMP sessions should be larger than

or equal to 10.

12.5.2 NAT Session Limit Rule List

Figure 12-29 NAT Session Limit Rule List

Add a NAT Session Limit Rule: If you want to add a new NAT session limit rule,

click the New button or select the Session Limit Settings tab to go to the setup page,

and then configure it, lastly click the Save button.