F3215-HP Load Balancing Module Security Configuration Guide-6PW101

Configuring traffic statistics
Network requirements
As shown in Figure 113, configure traffic statistics in security zone Trust, and configure UDP flood attack protection to protect the internal server against UDP flood attacks.
Figure 113 Network diagram
Configuration procedure
# Assign IP addresses to the interfaces. (Details not shown.)
# Add interface GigabitEthernet 0/2 to security zone Trust.
<LB> system-view
[LB] zone name Trust
[LB-zone-Trust] import interface gigabitethernet 0/2
[LB-zone-Trust] quit
# Add interface GigabitEthernet 0/4 to security zone DMZ.
[LB] zone name DMZ
[LB-zone-DMZ] import interface gigabitethernet 0/4
[LB-zone-DMZ] quit
# Add interface GigabitEthernet 0/3 to security zone Untrust.
[LB] zone name Untrust
[LB-zone-Untrust] import interface gigabitethernet 0/3
[LB-zone-Untrust] quit
# Create attack protection policy 1.
[LB] attack-defense policy 1
# Enable UDP flood attack protection.
[LB-attack-defense-policy-1] defense udp-flood enable
# Set the global action threshold that triggers UDP flood attack protection to 100 packets per second.
[LB-attack-defense-policy-1] defense udp-flood rate-threshold high 100
# Configure the policy to drop the subsequent packets after a UDP flood attack is detected.
[LB-attack-defense-policy-1] defense udp-flood action drop-packet
[LB-attack-defense-policy-1] quit
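An added example, not part of the HP guide: a Python check that reads a saved session transcript of the commands above, maps interfaces to zones from the prompt view, and reports which of the three UDP flood settings a policy is missing. The transcript is constructed from this page's commands; TRANSCRIPT, PROMPT, parse and audit are hypothetical names, and the prompt pattern assumes the hostname LB shown here.

```python
import re
# Constructed input: the session lines from the procedure above, joined into one transcript.
TRANSCRIPT = """\
<LB> system-view
[LB] zone name Trust
[LB-zone-Trust] import interface gigabitethernet 0/2
[LB-zone-Trust] quit
[LB] zone name DMZ
[LB-zone-DMZ] import interface gigabitethernet 0/4
[LB-zone-DMZ] quit
[LB] zone name Untrust
[LB-zone-Untrust] import interface gigabitethernet 0/3
[LB-zone-Untrust] quit
[LB] attack-defense policy 1
[LB-attack-defense-policy-1] defense udp-flood enable
[LB-attack-defense-policy-1] defense udp-flood rate-threshold high 100
[LB-attack-defense-policy-1] defense udp-flood action drop-packet
[LB-attack-defense-policy-1] quit
"""

# Assumption: prompts look like "<LB>" or "[LB-<view>]", with hostname LB as on this page.
PROMPT = re.compile(r"^[<\[]LB(?:-(?P<view>[^\]>]+))?[>\]]\s*(?P<cmd>.*)$")

def parse(transcript):
    """Return (zones, policies), using each prompt's view to place the command."""
    zones, policies = {}, {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m["view"]:
            continue  # comment lines and user/system-view commands
        view, cmd = m["view"], m["cmd"].split()
        if view.startswith("zone-") and cmd[:2] == ["import", "interface"]:
            zones.setdefault(view[5:], []).append(" ".join(cmd[2:]))
        elif view.startswith("attack-defense-policy-") and cmd[:2] == ["defense", "udp-flood"]:
            pol = policies.setdefault(view[22:], {"enabled": False, "high": None, "action": None})
            if cmd[2:] == ["enable"]:
                pol["enabled"] = True
            elif cmd[2:4] == ["rate-threshold", "high"] and cmd[4:]:
                pol["high"] = int(cmd[4])
            elif cmd[2:3] == ["action"] and cmd[3:]:
                pol["action"] = cmd[3]
    return zones, policies

def audit(policies):
    """Return one finding per UDP flood setting from the procedure that a policy lacks."""
    return [f"policy {pid}: {msg}" for pid, p in policies.items() for ok, msg in (
        (p["enabled"], "udp-flood protection not enabled"),
        (p["high"] is not None, "no rate-threshold high set"),
        (p["action"] == "drop-packet", "action is not drop-packet")) if not ok]
```

A policy that sets the threshold and action but omits `defense udp-flood enable` is reported by `audit`, which is the gap most easily missed when reviewing a saved session.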
[Figure 113 labels: Internet, LB, Server, Host A, Host B, Host C; interfaces GE0/2, GE0/3, GE0/4; addresses 202.1.0.1/16, 192.168.1.1/16, 10.1.1.1/24, 10.1.1.2/24; security zones Trust, DMZ, Untrust]