FPCConnectionLimitPolicy object
Applies to: desktop apps only
The FPCConnectionLimitPolicy object represents the connection limit policy for a Forefront TMG array. A connection limit policy includes the following connection limits.
- Default connection limits that establish how many concurrent transport-layer protocol connections may be accepted from a single IP address that is not configured as a special IP address. These include connection limits for TCP connections, for UDP connections, and for ICMP and other raw IP connections.
- Custom connection limits that establish how many concurrent transport-layer protocol connections may be accepted from a single special IP address. These include connection limits for TCP connections, for UDP connections, and for ICMP and other raw IP connections.
- A connection limit that restricts the total number of UDP, ICMP, and other raw IP connections that may be created for a single server publishing or access rule during one second.
When the TCP connection limit for an IP address is reached, no additional TCP connections are allowed for the IP address.
The UDP connection limit applies to connection mappings, rather than to connections. When the UDP connection limit for an IP address is reached and an attempt is made to create an additional UDP connection from that IP address, the oldest UDP connection that was created from the applicable IP address is closed, and the new connection is established.
A special IP address typically specifies a Web server or a chained proxy server, which would require many more connections than most other IP addresses. IP addresses are configured as special IP addresses by including them in a computer set that is referenced by the SpecialComputerSets property.
When the limit that restricts the number of connections created for a single rule during the current second is reached, no new connections will be created for traffic that has no connection associated with it, the packets will be dropped, and Forefront TMG will generate an event that can trigger a Connection Limit for a Rule Exceeded alert. After the current second passes, the counter is reset, and new connections can be created during the next second until the limit is reached again.
An additional connection limit can be defined in the FPCWebListenerProperties object for each Web listener and each network from which outgoing Web requests can be sent. These connection limits are not included in the policy defined by the FPCConnectionLimitPolicy object.
Forefront TMG includes a flood mitigation feature that uses connection limits to mitigate connection flooding so that Forefront TMG can continue to function, even under a flood attack. This is accomplished by identifying and blocking clients that generate excessive traffic. For a table that lists the flood mitigation settings on the Flood Mitigation page in Forefront TMG Management and the corresponding administration COM properties, see Flood Mitigation.
The FPCConnectionLimitPolicy object is accessed through the ConnectionLimitPolicy property of an FPCArrayPolicy object.
.png "Ff824569.bkbutton(en-us,VS.85).png")
Click here to see the Forefront TMG object hierarchy.
Inheritance
This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.
Members
The FPCConnectionLimitPolicy object has these types of members:
- Properties
Properties
The FPCConnectionLimitPolicy object has these properties.
| Property | Access type | Description |
|---|---|---|
| Read-only | Gets an FPCConnectionLimit object that specifies the connection limits for a single IP address that is not configured as a special IP address. |
|
| Read/write | Gets or sets the maximum number of denied packets that will be logged during one second. |
|
| Read/write | Gets or sets a Boolean value that indicates whether the connection limit policy is enabled. |
|
| Read/write | Gets or sets the number of logged denied packets from a single IP address during one minute that will trigger an alert. |
|
| Read/write | Gets or sets a Boolean value that indicates whether traffic that exceeds a connection limit is logged. |
|
| Read/write | Gets or sets the maximum number of connections that can be created for a rule during one second. |
|
| Read-only | Gets an FPCRefs collection that contains references to the FPCComputerSet objects defining the computer sets to which the special connection limits apply. |
|
| Read-only | Gets an FPCConnectionLimit object that specifies the connection limits for special IP addresses. |
Methods Inherited from FPCPersist
| Name | Description |
|---|---|
| CancelWaitForChanges | Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only). |
| CanImport | Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document. |
| Export | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document. |
| ExportToFile | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file. |
| GetServiceRestartMask | Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect. |
| Import | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage. |
| ImportFromFile | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage. |
| LoadDocProperties | Provides the XML document's properties so that you can know what information can be imported from the document. |
| Refresh | Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved. |
| Save | Recursively writes the current values of all the properties of the object and its subobjects to persistent storage. |
| WaitForChanges | Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only). |
Properties Inherited from FPCPersist
| Name | Description |
|---|---|
| PersistentName | Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy. |
| VendorParameterSets | Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object. |
Interfaces for C++ Programming
This object implements the IFPCConnectionLimitPolicy and IFPCConnectionLimitPolicy2 interfaces.
Requirements
Minimum supported client |
Windows Vista, None supported |
Minimum supported server |
Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only) |
Version |
Forefront Threat Management Gateway (TMG) 2010 |
IDL |
Msfpccom.idl |
See also
Build date: 7/12/2010