Dynamic Demotion for NAT Devices

In addition to the various ways the Oracle® Enterprise Session Border Controller already allows you to promote and demote devices to protect itself and other network elements from DoS attacks, it can now block off an entire NAT device. The Oracle® Enterprise Session Border Controller can detect when a configurable number of devices behind a NAT have been blocked off, and then shut off the entire NAT’s access.

This dynamic demotion of NAT devices can be enabled for an access control (ACL) configuration or for a realm configuration. When you enable the feature, the Oracle® Enterprise Session Border Controller tracks the number of endpoints behind a single NAT that have been labeled untrusted. It shuts off the NAT’s access when the number reaches the limit you set.

The demoted NAT device then remains on the untrusted list for the length of the time you set in the deny-period.

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents