F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
Table 3 Configuration items

| Item | Description |
|---|---|
| Protected Host Configuration: IP Address | Specify the IP address of the protected host. |
| Protected Host Configuration: Action Threshold | Set the protection action threshold for ICMP flood attacks that target the protected host. If the sending rate of ICMP packets destined for the specified IP address constantly reaches or exceeds this threshold, the device enters the attack protection state and takes attack protection actions as configured. By default, the action threshold is 1000 packets per second and the silent threshold is three quarters of the action threshold. |
| Protected Host Configuration: Silent Threshold | Set the silent threshold for actions that protect against ICMP flood attacks targeting the protected host. If the sending rate of ICMP packets destined for the specified IP address drops below this threshold, the device returns to the attack detection state and stops the protection actions. |
| Global Configuration of Security Zone: Action Threshold | Set the protection action threshold for ICMP flood attacks that target a host in the protected security zone. If the sending rate of ICMP packets destined for a host in the security zone constantly reaches or exceeds this threshold, the device enters the attack protection state and takes attack protection actions as configured. By default, the action threshold is 1000 packets per second and the silent threshold is three quarters of the action threshold. |
| Global Configuration of Security Zone: Silent Threshold | Set the silent threshold for actions that protect against ICMP flood attacks targeting a host in the protected security zone. If the sending rate of ICMP packets destined for a host in the security zone drops below this threshold, the device returns to the attack detection state and stops the protection actions. |
NOTE:
Host-specific settings take precedence over the global settings for security zones.
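The following Python model is an added example, not code from the device or from HP. It shows how the action and silent thresholds form a hysteresis band between the attack detection and attack protection states, and how a host-specific entry overrides the zone's global settings. The sustain parameter, the function names, the IP addresses and the rate samples are assumptions constructed for illustration; the guide says "constantly" without giving a duration.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_ACTION_PPS = 1000  # default action threshold stated in Table 3


@dataclass
class Thresholds:
    action: int = DEFAULT_ACTION_PPS
    silent: Optional[int] = None  # None -> three quarters of action (Table 3 default)

    def __post_init__(self):
        if self.silent is None:
            self.silent = self.action * 3 // 4
        if not 0 < self.silent <= self.action:
            raise ValueError("silent threshold must be positive and not above action")


def effective(dst_ip, host_cfg, zone_cfg):
    """Host-specific settings take precedence over the zone's global settings."""
    return host_cfg.get(dst_ip, zone_cfg)


def simulate(rates, th, sustain=3):
    """Return the state after each one-second ICMP rate sample (pps).

    sustain (consecutive samples at or above the action threshold) is an
    assumption standing in for the guide's unquantified "constantly".
    """
    state, streak, out = "detection", 0, []
    for pps in rates:
        if state == "detection":
            streak = streak + 1 if pps >= th.action else 0
            if streak >= sustain:
                state, streak = "protection", 0
        elif pps < th.silent:  # only a drop below silent ends protection
            state = "detection"
        out.append(state)
    return out


# Constructed sample data: documentation-range IPs and per-second ICMP rates.
ZONE = Thresholds()                      # zone default: 1000 / 750
HOSTS = {"192.0.2.10": Thresholds(200)}  # protected host: 200 / 150
RATES = [100, 250, 300, 1200, 1100, 1000, 900, 760, 749, 100]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20"):
        th = effective(ip, HOSTS, ZONE)
        print(ip, th, simulate(RATES, th))
```

With the same traffic, the host entry enters protection earlier and leaves it later than the zone default, which is the reason to configure tighter thresholds for low-traffic servers.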
Configuring UDP flood detection
UDP flood detection is mainly intended to protect servers and is usually configured for an internal zone.
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > UDP Flood.
The UDP flood detection configuration page appears.