R3303-HP HSR6800 Routers Security Configuration Guide

RAW IP session establishment rate
The device collects statistics to calculate the session establishment rates at an interval of 5 seconds.
Therefore, the session establishment rates displayed on the device are based on the statistics collected
during the latest 5-second interval.
The traffic statistics function does not consider the session status (except for the TCP half-open and
half-close states). Each time a session is established, the count increases by 1. Each time a session is
deleted, the count decreases by 1.
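The following added example (not taken from the guide or from HP code) models the counting rules above to show how a short burst of new sessions is averaged over the 5-second interval, which matters when choosing rate thresholds. It assumes the rate is the number of sessions established in an interval divided by the interval length; the event list and all names are constructed for illustration.

```python
from collections import Counter, namedtuple

INTERVAL = 5  # seconds: the collection interval stated in the guide

Event = namedtuple("Event", "t kind")  # kind: "add" (established) or "del" (deleted)

def interval_stats(events, interval=INTERVAL):
    """Per interval: (start, sessions established, rate per second, session count).

    Assumption: rate = sessions established in the interval / interval length.
    """
    if not events:
        return []
    n = int(max(e.t for e in events) // interval) + 1
    added, delta = [0] * n, [0] * n
    for e in events:
        w = int(e.t // interval)
        if e.kind == "add":      # establishment: count +1
            added[w] += 1
            delta[w] += 1
        elif e.kind == "del":    # deletion: count -1
            delta[w] -= 1
        else:
            raise ValueError(f"unknown event kind: {e.kind!r}")
    rows, count = [], 0
    for w in range(n):
        count += delta[w]
        rows.append((w * interval, added[w], added[w] / interval, count))
    return rows

def peak_per_second(events):
    """Highest number of sessions established within any single second."""
    per_sec = Counter(int(e.t) for e in events if e.kind == "add")
    return max(per_sec.values(), default=0)

# Constructed sample: 2 sessions/s of background traffic for 15 s, a burst of
# 1000 sessions at t=6.5 s, and those 1000 sessions deleted at t=12.5 s.
SAMPLE = [Event(s + f, "add") for s in range(15) for f in (0.25, 0.75)]
SAMPLE += [Event(6.5, "add")] * 1000 + [Event(12.5, "del")] * 1000

if __name__ == "__main__":
    for start, est, rate, count in interval_stats(SAMPLE):
        print(f"{start:>2}-{start + INTERVAL:<2}s est={est:<5} rate={rate:>6.1f}/s count={count}")
    print("peak 1-second rate:", peak_per_second(SAMPLE))
```

Under this model the burst reaches 1002 sessions within one second, but the interval that contains it reports 202 sessions per second.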
TCP proxy
The TCP proxy function can protect servers from SYN flood attacks. A device with the TCP proxy
function enabled can act as a TCP proxy between TCP clients and servers. Upon detecting a SYN flood
attack, the device can add a protected IP address entry for the attacked server and use the TCP proxy
function to inspect and process all subsequent TCP requests destined for the server.
TCP proxy can operate in these modes:
Unidirectional proxy—Processes only packets from TCP clients.
Bidirectional proxy—Processes packets from both TCP clients and TCP servers.
You can choose a proper mode according to your network scenario. For example, if packets from TCP
clients to a server go through the TCP proxy but packets from the server to clients do not, as shown
in Figure 125, configure unidirectional proxy.
Figure 125 Network diagram for unidirectional proxy
If all packets between TCP clients and a server go through the TCP proxy, as shown in Figure 126, you
can configure unidirectional proxy or bidirectional proxy as desired.
Figure 126 Network diagram for unidirectional/bidirectional proxy
Unidirectional proxy