F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
56
last-ack: LAST_ACK state of a TCP connection.
syn-received: SYN_RECEIVED state of a TCP connection.
connection-number number: Maximum number of TCP connections in a certain state. The argument
number is in the range of 0 to 500.
Usage guidelines
You need to enable the protection against Naptha attack before executing this command. Otherwise, an
error is prompted.
You can respectively configure the maximum number of TCP connections in each state.
If the maximum number of TCP connections in a state is 0, the aging of TCP connections in this state is
not accelerated.
Examples
# Set the maximum number of TCP connections in ESTABLISHED state to 100.
<Sysname> system-view
[Sysname] tcp anti-naptha enable
[Sysname] tcp state established connection-number 100
Related commands
tcp anti-naptha enable
tcp syn-cookie enable
Use tcp syn-cookie enable to enable the SYN Cookie feature to protect the device against SYN Flood
attacks.
Use undo tcp syn-cookie enable to disable the SYN Cookie feature.
Syntax
tcp syn-cookie enable
undo tcp syn-cookie enable
Default
The SYN Cookie feature is enabled.
Views
System view
Default command level
2: System level
Examples
# Enable the SYN Cookie feature.
<Sysname> system-view
[Sysname] tcp syn-cookie enable
tcp timer check-state
Use tcp timer check-state to configure the TCP connection state check interval.
Use undo tcp timer check-state to restore the default.