R3303-HP HSR6800 Routers Security Command Reference
468
Syntax
tcp-proxy enable
undo tcp-proxy enable
Default
The TCP proxy function is disabled on an interface.
Views
Interface view
Default command level
2: System level
Usage guidelines
Usually, the TCP proxy function is used on a device's interfaces connected to external networks to protect
internal servers from SYN flood attacks. When detecting a SYN flood attack, the device can take
protection actions configured by using the defense syn-flood action command. If the trigger-tcp-proxy
keyword is specified for the defense syn-flood action command, the device adds a protected IP address
entry for the server, and starts TCP proxy in the specified mode to inspect and process subsequent TCP
connection requests to the server.
When detecting SYN flood attacks, the TCP proxy function can take effect only if it is enabled.
Examples
# Enable TCP proxy on interface GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] tcp-proxy enable
Related commands
• defense syn-flood action
• tcp-proxy mode
• display tcp-proxy protected-ip
tcp-proxy mode
Use tcp-proxy mode to set the TCP proxy operating mode.
Use undo tcp-proxy mode to restore the default.
Syntax
tcp-proxy mode unidirection
undo tcp-proxy mode
Default
TCP proxy operates in bidirectional mode when enabled.
Views
System view
Default command level
2: System level