F3215-HP Load Balancing Module Security Configuration Guide-6PW101

Field          Description
Add Method     Type of the blacklist entry. Possible values include:
               Auto—Added by the scanning detection feature automatically.
               Manual—Added manually or modified manually.
               IMPORTANT: Once modified manually, an auto entry becomes a manual one.
Start Time     Time when the blacklist entry is added.
Hold Time      Lifetime of the blacklist entry.
Dropped Count  Number of packets dropped based on the blacklist entry.
Blacklist configuration example
Network requirements
As shown in Figure 104, the internal network is the trusted zone and the external network is the untrusted zone.
Configure the LB module to satisfy the following requirements:
- Block packets from Host D forever (it is assumed that Host D is an attack source).
- Block packets from Host C for 50 minutes, so as to control access of the host.
- Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.
Figure 104 Network diagram
Configuring the LB module
1. Assign IP addresses and security zones to the interfaces. (Details not shown.)
2. Enable the blacklist feature:
a. From the navigation tree, select Security > Intrusion Detection > Blacklist.
The blacklist management page appears, as shown in Figure 105.
b. In the Global Configuration area, select Enable Blacklist, and click Apply.
c. Click Apply.
(Figure 104 diagram labels: Host A, Host B, Host C 192.168.1.5/16, Internet, LB with GE0/2 192.168.1.1/16 and GE0/1 202.1.0.1/16, Trust and Untrust zones, Host D 5.5.5.5/24.)