F3215-HP Load Balancing Module Security Configuration Guide-6PW101

199

d. Set the scanning threshold to 4500.

e. Select Add the source IP to the blacklist.

f. Click Apply.

Figure 108 Configuring scanning detection for the untrusted zone

Verifying the configuration

Select Security > Intrusion Detection > Blacklist from the navigation tree to view the manually added

blacklist entries.

The device discards all packets from Host D before you remove the blacklist entry for the host. If the

device receives packets from Host C, the device discards all packets from Host C within 50 minutes. After

50 minutes, the device forwards packets from Host C normally.

The device outputs an alarm log and adds the IP address to the blacklist when detecting a scanning

attack from the untrusted zone. You can select Security > Intrusion Detection > Blacklist from the

navigation tree to view the blacklist entry automatically added by scanning attack protection.

Displaying intrusion detection statistics

To display intrusion detection statistics:

1. From the navigation tree, select Security > Intrusion Detection > Statistics to enter the intrusion

detection statistics page, as shown in Figure 109.

2. Select a zone to view the counts of attacks and the counts of dropped packets in the security zone.

Descriptions of attack types are shown in Table 29.