F3215-HP Load Balancing Module Security Configuration Guide-6PW101
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter VD system view.
  Command: switchto vd vd-name
  Remarks: Required for a non-default VD.

Step 3. Enter security zone view.
  Command: zone name zone-name id zone-id
  Remarks: N/A

Step 4. Enable traffic statistics for the security zone.
  Command: flow-statistics enable { destination-ip | inbound | outbound | source-ip }
  Remarks: Disabled by default.

Displaying and maintaining attack detection and protection

Task: Display the attack protection statistics of a security zone.
  Command: display attack-defense statistics [ vd vd-name ] zone zone-name [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the configuration information of one or all attack protection policies.
  Command: display attack-defense policy [ policy-number ] [ vd vd-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display information about blacklist entries.
  Command: display blacklist { all | ip sour-address } [ vd vd-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the traffic statistics of a security zone.
  Command: display flow-statistics statistics [ vd vd-name ] zone zone-name { inbound | outbound } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the security zone traffic statistics based on IP addresses.
  Command: display flow-statistics statistics { destination-ip dest-ip-address | source-ip src-ip-address } [ vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display information about the IP addresses protected by the TCP proxy function.
  Command: display tcp-proxy protected-ip [ vd vd-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Clear the attack protection statistics information of a security zone.
  Command: reset attack-defense statistics [ vd vd-name ] zone zone-name
  Remarks: Available in user view.

Configuring attack protection functions on security zones
Network requirements
As shown in Figure 110, security zone Trust on the LB module is connected to the internal network,
security zone Untrust is connected to the external network, and security zone DMZ is connected to an
internal server.
Protect internal hosts against Smurf attacks and scanning attacks from the external network. Protect the
internal server against SYN flood attacks from the external network. To meet the requirements, perform
the following configurations: