F3215-HP Load Balancing Module Security Configuration Guide-6PW101

Step 6. Configure the device to drop single-packet attack packets.
    Command: signature-detect action drop-packet
    Remarks: Optional. By default, the device only outputs alarm logs when it detects a single-packet attack.
Configuring a scanning attack protection policy
The scanning attack protection function detects scanning attacks by monitoring the establishment rate of
connections to the target systems. It is usually applied to security zones connecting external networks and
inspects only the inbound packets of the security zones. If the device detects that the rate at which an IP
address initiates connections reaches or exceeds the pre-defined threshold, the device outputs an alarm
log, and it can blacklist the IP address depending on your configuration. Subsequent packets from the
blacklisted IP address are dropped.
To configure a policy for preventing scanning attacks:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter VD system view.
    Command: switchto vd vd-name
    Remarks: Required for a non-default VD.
Step 3. Enter attack protection policy view.
    Command: attack-defense policy policy-number
    Remarks: N/A
Step 4. Enable scanning attack protection.
    Command: defense scan enable
    Remarks: Disabled by default.
Step 5. Specify the connection rate threshold that triggers scanning attack protection.
    Command: defense scan max-rate rate-number
    Remarks: Optional. 4000 connections per second by default.
Step 6. Configure the blacklist function for scanning attack protection.
    Commands:
      Enable the blacklist function for scanning attack protection: defense scan add-to-blacklist
      Set the aging time for entries blacklisted by the scanning attack protection function: defense scan blacklist-timeout minutes
    Remarks: Optional. By default, the blacklist function for scanning attack protection is disabled, and the aging time for entries blacklisted by the scanning attack protection function is 10 minutes.
Step 7. Return to system view.
    Command: quit
    Remarks: N/A
Step 8. Enable the blacklist function.
    Command: blacklist enable
    Remarks: Required to make the blacklist entries added by the scanning attack protection function take effect. By default, the blacklist function is disabled.
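The scanning attack protection behaviour described above and the policy options in the table, modelled in Python as an added example (not H3C/HP device code): the per-source connection rate is checked against max-rate, an alarm log entry is written when the threshold is reached, the source is optionally blacklisted for the aging time, and the entries only take effect once the global blacklist function is enabled (step 8). The class name, the one-second time model and the sample address are assumptions.

```python
from collections import defaultdict


class ScanDefensePolicy:
    """Simulated scanning attack protection policy (example model, not device code)."""

    def __init__(self, enabled=False, max_rate=4000, add_to_blacklist=False,
                 blacklist_timeout_min=10, blacklist_enable=False):
        self.enabled = enabled                     # defense scan enable
        self.max_rate = max_rate                   # defense scan max-rate (connections/s)
        self.add_to_blacklist = add_to_blacklist   # defense scan add-to-blacklist
        self.timeout = blacklist_timeout_min * 60  # defense scan blacklist-timeout, in seconds
        self.blacklist_enable = blacklist_enable   # global 'blacklist enable' (step 8)
        self.rate = defaultdict(int)   # (src, second) -> connections initiated
        self.blacklist = {}            # src -> expiry time in seconds
        self.alarms = []               # (src, second) alarm log entries

    def inbound(self, src, now, new_connection=True):
        """Classify one inbound packet from src at time now: 'drop' or 'forward'."""
        expiry = self.blacklist.get(src)
        if expiry is not None and now >= expiry:
            del self.blacklist[src]            # entry aged out
        elif expiry is not None and self.blacklist_enable:
            return "drop"                      # entries only bite once blacklist is enabled
        if self.enabled and new_connection:
            second = int(now)
            self.rate[(src, second)] += 1
            if self.rate[(src, second)] == self.max_rate:   # threshold reached: log once
                self.alarms.append((src, second))
                if self.add_to_blacklist and src not in self.blacklist:
                    self.blacklist[src] = now + self.timeout
        return "forward"   # the triggering packet itself is not dropped


def demo(blacklist_enable=True):
    """Constructed scenario: one source initiates 6 connections in one second (threshold 5)."""
    p = ScanDefensePolicy(enabled=True, max_rate=5, add_to_blacklist=True,
                          blacklist_timeout_min=10, blacklist_enable=blacklist_enable)
    src = "203.0.113.7"   # constructed sample address
    burst = [p.inbound(src, 100.0) for _ in range(6)]
    listed = src in p.blacklist                  # entry exists even if not yet enforced
    still_listed = p.inbound(src, 100.0 + 599)   # within the 10-minute aging time
    aged_out = p.inbound(src, 100.0 + 600)       # entry expired, traffic forwarded again
    return burst, listed, still_listed, aged_out, list(p.alarms)


if __name__ == "__main__":
    print(demo())
    print(demo(blacklist_enable=False))
```

Running demo() with blacklist_enable=False shows the step 8 remark in action: the entry is created, but packets keep being forwarded.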
Configuring a flood attack protection policy
The flood attack protection function is mainly used to protect servers. It detects various flood attacks by
monitoring the rate at which connection requests are sent to a server. The flood attack protection function