AnsweredAssumed Answered

Does the rate-limit on client-ip count within one policy only

Question asked by DimitriDemeer82305080 on Jul 31, 2017
Latest reply on Aug 1, 2017 by ajake01

Hello, i couldn't find this in the docs.


When using the rate-limit assertion, and setting it to client-ip.
Is this a counter specific to one policy, or does it work globally for connections from said client-ip?


For high performant rate limiting, what is the impact of disabling the cluster-wide checkboxes.
Is it safe to assume, cluster-wide causes database operations, and local is in-memory only and thus faster? Because this could have a big impact on availability during DOS attacks.


Additionally, if it does not work globally. Can we put a rate-limit on client-ip in the message-received global policy, if we want to protect our entire infrastructure.

And perhaps just out of interest, how do other people protect their gateways against DOS attacks from for example one client? Are there people that put protection measures in the global message-received policy?