F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

| Item | Description |
|---|---|
| Global Configuration of Security Zone: Action Threshold | Set the protection action threshold for SYN flood attacks that target a host in the protected security zone. If the sending rate of SYN packets destined for a host in the security zone constantly reaches or exceeds this threshold, the device enters the attack protection state and takes attack protection actions as configured. |
| Global Configuration of Security Zone: Silent Threshold | Set the silent threshold for actions that protect against SYN flood attacks targeting a host in the protected security zone. If the sending rate of SYN packets destined for a host in the security zone drops below this threshold, the device returns to the attack detection state and stops the protection actions. |

By default, the silent threshold is three quarters of the action threshold that is 1000 packets per second.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
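The action threshold and silent threshold described above form a hysteresis loop: protection starts at or above one rate and stops only below a lower one. The following Python model is an added example, not code from this guide or from the device. The host addresses, the per-host override values and the rule that a single one-second sample triggers protection are assumptions, and the rate samples are constructed.

```python
from dataclasses import dataclass

ACTION_DEFAULT = 1000  # packets per second, default action threshold in the guide


@dataclass(frozen=True)
class Thresholds:
    action: int = ACTION_DEFAULT
    silent: int = ACTION_DEFAULT * 3 // 4  # default: three quarters of action


def effective(host, zone_global, host_specific):
    """Host-specific settings take precedence over the zone's global settings."""
    return host_specific.get(host, zone_global)


def track(rates, th):
    """Return the device state after each one-second SYN rate sample for a host.

    Assumption: one sample at or above the action threshold is enough to enter
    protection; the guide only says the rate "constantly reaches or exceeds" it.
    """
    state, states = "detection", []
    for pps in rates:
        if state == "detection" and pps >= th.action:
            state = "protection"  # device starts the configured actions
        elif state == "protection" and pps < th.silent:
            state = "detection"   # device stops the protection actions
        states.append(state)
    return states


def protected_seconds(rates, th):
    """Count the samples during which protection actions are in force."""
    return track(rates, th).count("protection")


# Constructed sample: SYN packets per second toward one host (not capture data).
SAMPLE = [200, 990, 1000, 1400, 900, 800, 750, 749, 300, 1200, 740]
ZONE_GLOBAL = Thresholds()                          # 1000 / 750 defaults
HOST_SPECIFIC = {"10.0.0.5": Thresholds(500, 375)}  # hypothetical host override

if __name__ == "__main__":
    for host in ("10.0.0.5", "10.0.0.9"):  # constructed addresses
        th = effective(host, ZONE_GLOBAL, HOST_SPECIFIC)
        print(host, th, track(SAMPLE, th))
```

A rate of exactly 750 packets per second keeps the default configuration in the protection state, because the guide's condition for returning to detection is dropping below the silent threshold.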
Configuring connection limits
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit.
The connection limit configuration page appears.
Figure 16 Connection limit configuration page
2. Configure the connection limits for the security zone, as described in Table 7.
3. Click Apply.
Table 7 Configuration items
| Item | Description |
|---|---|
| Security Zone | Select a security zone to perform connection limit configuration for it. |
| Discard packets when the specified attack is detected | Select this option to discard subsequent packets destined for or sourced from an IP address when the number of the connections for that IP address has exceeded the limit. |
| Enable connection limit per source IP | Select the option to set the maximum number of connections that can be present for a source IP address. |
Threshold