F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
8
Item Descri
p
tion
Enable IP Packet Carrying Source Route Attack
Detection
Enable or disable detection of source route attacks.
Enable Route Record Option Attack Detection
Enable or disable detection of route record attacks.
Enable Large ICMP Packet Attack Detection
Enable detection of large ICMP attacks and set the
packet length limit, or disable detection of such
attacks.
Max Packet Length
55BPacket inspection configuration example
126BNetwork requirements
As shown in 269HFigure 6, the internal network is the trusted zone and the external network is the untrusted
zone.
Configure the firewall to protect the trusted zone against Land attacks and Smurf attacks from the
untrusted zone.
Figure 6 Network diagram
127BConfiguring Firewall
1. Assign IP addresses and security zones to interfaces. (Details not shown.)
2. Enable Land attack detection and Smurf attack detection for the untrusted zone:
a. From the navigation tree, select Intrusion Detection > Packet Inspection.
b. The packet inspection configuration page appears, as shown in 270HFigure 7.
c. Select Untrust from the Zone list. Then select Discard Packets when the specified attack is
detected, Enable Land Attack Detection, and Enable Smurf Attack Detection.
d. Click Apply.