F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
16
Figure 15 Adding a SYN flood detection rule
5. Configure a SYN flood detection rule, as described in 275HTable 6.
6. Click Apply.
Table 6 Configuration items
Item Descri
p
tion
Protected Host
Configuration
IP Address Specify the IP address of the protected host.
By default, the silent
threshold is three quarters
of the action threshold that
is 1000 packets per
second.
Action
Threshold
Set the protection action threshold for SYN
flood attacks that target the protected host.
If the sending rate of SYN packets destined
for the specified IP address constantly
reaches or exceeds this threshold, the
device enters the attack protection state
and takes attack protection actions as
configured.
Silent
Threshold
Set the silent threshold for actions that
protect against SYN flood attacks targeting
the protected host.
If the sending rate of SYN packets destined
for the specified IP address drops below
this threshold, the device returns to the
attack detection state and stops the
protection actions.