F3215-HP Load Balancing Module Security Configuration Guide-6PW101
attack, the device can add a protected IP address entry for the attacked server and use the TCP proxy
function to inspect and process all subsequent TCP requests destined to the server.
TCP proxy can operate in two modes:
• Unidirectional proxy—Processes only packets from TCP clients.
• Bidirectional proxy—Processes packets from both TCP clients and TCP servers.
You can choose a proper mode according to your network scenario. For example, if packets from TCP
clients to a server go through the TCP proxy but packets from the server to clients do not, as shown
in Figure 72, configure unidirectional proxy.
Figure 72 Network diagram for unidirectional proxy
If all packets between TCP clients and a server go through the TCP proxy, as shown in Figure 73, you can
configure unidirectional proxy or bidirectional proxy as desired.
Figure 73 Network diagram for unidirectional/bidirectional proxy
• Unidirectional proxy
Figure 74 Data exchange process in unidirectional proxy mode
TCP client TCP proxy TCP server
1) SYN
2) SYN ACK (invalid sequence number)
3) RST
4) SYN (retransmitting)
5) SYN (forwarding)
6) SYN ACK
7) ACK
8) ACK (forwarding)
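The following added example (not part of the HP guide or the device's own code) models steps 1 through 8 of Figure 74 in Python and shows why a spoofed source never reaches the server. The HMAC cookie carried as the wrong acknowledgment number, the per-source-IP trusted set, and all addresses are assumptions made for illustration; the guide states only that the SYN ACK carries an invalid sequence number and that the client answers with RST.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(16)  # assumption: per-boot key for the cookie


def cookie(pkt):
    """32-bit value bound to the 4-tuple, sent as the deliberately wrong ACK number."""
    msg = f'{pkt["src"]}:{pkt["sport"]}>{pkt["dst"]}:{pkt["dport"]}'.encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


class UnidirectionalProxy:
    """Model of a proxy that sees only client-to-server packets."""

    def __init__(self, protected_ip):
        self.protected_ip = protected_ip
        self.verified = set()  # assumption: clients are trusted per source IP

    def handle(self, pkt):
        """Return (action, reply); action is 'forward', 'reply' or 'drop'."""
        if pkt["dst"] != self.protected_ip or pkt["src"] in self.verified:
            return "forward", None  # steps 5 and 8
        c = cookie(pkt)
        if pkt["flags"] == "SYN":  # step 1 answered by step 2
            if c == (pkt["seq"] + 1) % 2**32:
                c ^= 1  # the ACK must never be the valid ISN+1
            return "reply", {"flags": "SYN-ACK", "seq": 0, "ack": c}
        if pkt["flags"] == "RST" and pkt["seq"] in (c, c ^ 1):  # step 3, stateless check
            self.verified.add(pkt["src"])
        return "drop", None  # RSTs and unverified non-SYN packets stop here


def demo():
    """Constructed traffic: one real client, one spoofed source that never answers."""
    proxy = UnidirectionalProxy("192.0.2.10")
    syn = {"src": "198.51.100.7", "sport": 40000, "dst": "192.0.2.10",
           "dport": 80, "flags": "SYN", "seq": 1000}
    trace = []
    action, synack = proxy.handle(syn)  # steps 1-2
    trace.append(action)
    rst = dict(syn, flags="RST", seq=synack["ack"])  # step 3, RFC 793: SEQ=SEG.ACK
    trace.append(proxy.handle(rst)[0])
    trace.append(proxy.handle(syn)[0])  # steps 4-5: retransmitted SYN is forwarded
    trace.append(proxy.handle(dict(syn, flags="ACK", seq=1001))[0])  # steps 7-8
    spoofed = dict(syn, src="203.0.113.99")  # address owner never sees step 2
    trace += [proxy.handle(spoofed)[0], proxy.handle(spoofed)[0]]
    return trace
```

Step 6 does not appear in the model because in the Figure 72 topology the server's SYN ACK does not pass through the proxy.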