F3215-HP Load Balancing Module Security Configuration Guide-6PW101
186
Table 25 Configuration items

| Item | Description |
|---|---|
| Security Zone | Select the security zone for which to configure scanning detection. |
| Enable Scanning Detection | Select this option to enable scanning detection for the security zone. |
| Scanning Threshold | Set the maximum connection rate (connections per second) allowed for a single source IP address. |
| Add a source IP to the blacklist | Select this option to allow the system to blacklist a suspicious source IP address. If this option is selected, you can then set the lifetime of the blacklisted source IP addresses. IMPORTANT: Only when the blacklist feature is enabled can the scanning detection function blacklist a suspect and discard subsequent packets from the suspect. |
| Lifetime | Set the lifetime of the blacklist entry. |
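To make the semantics of Table 25 concrete, the following is an added Python model (not the module's own code) of a per-source connection-rate check with blacklisting. It assumes a sliding one-second window, the 4500 connections/s threshold used in the configuration example on this page, a constructed blacklist lifetime of 600 seconds, and constructed sample addresses; it shows why the IMPORTANT note matters, since with the blacklist feature off a scan is still detected but subsequent packets from the suspect are still forwarded.

```python
from collections import defaultdict, deque

class ScanningDetector:
    """Per-source connection-rate check with optional blacklisting (hypothetical model of Table 25)."""

    def __init__(self, threshold_cps, blacklist_feature_on, add_to_blacklist, lifetime_s):
        self.threshold = threshold_cps                    # "Scanning Threshold" (connections/second)
        self.blacklist_feature_on = blacklist_feature_on  # global blacklist feature switch
        self.add_to_blacklist = add_to_blacklist          # "Add a source IP to the blacklist"
        self.lifetime = lifetime_s                        # "Lifetime" of a blacklist entry
        self.windows = defaultdict(deque)                 # src IP -> timestamps within the last second
        self.blacklist = {}                               # src IP -> expiry timestamp
        self.log = []                                     # (ts, src, event) records for review

    def handle(self, src, ts):
        """Decide 'drop' or 'forward' for one new connection from src at time ts (seconds)."""
        expiry = self.blacklist.get(src)
        if expiry is not None:
            if ts < expiry:
                return "drop"                             # blacklisted: discard without further checks
            del self.blacklist[src]                       # entry expired after its lifetime
            self.log.append((ts, src, "blacklist-expired"))
        win = self.windows[src]
        win.append(ts)
        while win[0] <= ts - 1.0:                         # keep only the last one second of connections
            win.popleft()
        if len(win) > self.threshold:
            self.log.append((ts, src, "scan-detected"))
            # IMPORTANT note: blacklisting needs BOTH the per-zone option and the global feature enabled.
            if self.add_to_blacklist and self.blacklist_feature_on:
                self.blacklist[src] = ts + self.lifetime
                self.log.append((ts, src, "blacklisted"))
                return "drop"
        return "forward"

def run_scenario(blacklist_feature_on):
    """Constructed traffic: 4,501 connections in 0.9 s from one source, then later probes."""
    det = ScanningDetector(4500, blacklist_feature_on, True, 600)
    scanner, client = "203.0.113.10", "203.0.113.20"      # constructed sample addresses
    burst = [det.handle(scanner, i * 0.0002) for i in range(4501)]
    return {
        "burst_drops": burst.count("drop"),
        "probe_after_burst": det.handle(scanner, 5.0),
        "probe_after_lifetime": det.handle(scanner, 700.0),
        "normal_client": det.handle(client, 5.0),
        "events": [e for _, _, e in det.log],
    }
```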
Traffic abnormality detection configuration example
Network requirements
As shown in Figure 87, the internal network is the trusted zone, the subnet where the internal servers are located is the DMZ, and the external network is the untrusted zone.
Configure the LB module to perform the following operations:
• Protect the internal network against scanning attacks from the external network.
• Limit the number of connections initiated by each internal host.
• Limit the number of connections to the internal server.
• Protect the internal server against SYN flood attacks from the external network.
Figure 87 Network diagram
Configuration considerations
To satisfy the requirements, perform the following configurations on the LB module:
• Configure scanning detection for the untrusted zone, enable the function to add entries to the blacklist, and set the scanning threshold to 4500 connections per second.