HP 7100/7200 IPsec dl Module : F3215-HP Load Balancing Module Security Configuration Guide-6PW101 : Page 6

iv

Configuring RSH ····················································································································································· 149

Configuration prerequisites ········································································································································· 149

Configuration procedure ············································································································································· 149

RSH configuration example ········································································································································ 149

Managing sessions ················································································································································· 152

Overview ······································································································································································· 152

Session management principle ·························································································································· 152

Session management implementation ··············································································································· 152

Managing sessions in the web interface ··················································································································· 153

Configuring basic session management settings ····························································································· 153

Displaying session table information ················································································································· 155

Managing sessions in the CLI ····································································································································· 158

Session management task list ····························································································································· 158

Configuring session logging ······························································································································ 160

Displaying and maintaining session management ·························································································· 162

Configuring session acceleration ··························································································································· 164

Overview ······································································································································································· 164

Configuring session acceleration ······························································································································· 164

Configuration guidelines ············································································································································· 164

Configuring virtual fragment reassembly ·············································································································· 165

Overview ······································································································································································· 165

Configuring virtual fragment reassembly in the Web interface ·············································································· 165

Configuring virtual fragment reassembly ·········································································································· 165

Virtual fragment reassembly configuration example ······················································································· 166

Configuring virtual fragment reassembly at the CLI ································································································· 168

Configuration guidelines ···································································································································· 168

Configuration procedure ···································································································································· 168

Configuration example ······································································································································· 169

Configuring attack detection and protection ········································································································ 170

Overview ······································································································································································· 170

Types of network attacks the device can defend against ··············································································· 170

Connection limit ··················································································································································· 172

Blacklist function ·················································································································································· 172

Traffic statistics function ······································································································································ 173

TCP proxy ····························································································································································· 173

Intrusion detection statistics ································································································································ 175

Configuring attack detection and protection in the Web interface ········································································ 176

Configuring packet inspection ··························································································································· 176

Packet inspection configuration example ········································································································· 177

Configuring traffic abnormality detection ········································································································· 178

Traffic abnormality detection configuration example ······················································································ 186

Configuring TCP proxy ······································································································································· 190

Enabling TCP Proxy for a Security Zone ··········································································································· 191

TCP proxy configuration example ····················································································································· 192

Configuring blacklist ··········································································································································· 195

Blacklist configuration example ························································································································· 197

Displaying intrusion detection statistics ············································································································· 199

Configuring attack detection and protection at the CLI ··························································································· 202

Attack detection and protection configuration task list ··················································································· 202

Creating an attack protection policy ················································································································· 202

Enabling attack protection logging ··················································································································· 203

Configuring an attack protection policy ··········································································································· 203