Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
23
Task Remarks
2. 285HEnabling TCP Proxy for a
security
Required.
By default, the TCP proxy feature is disabled globally.
TIP:
The TCP proxy feature takes effect only for the incoming traffic of the security
zone.
3. 286HAdding a protected IP
address entry
At least one method is required.
You can add protected IP address entries by either of the methods:
StaticAdd entries manually. By default, no such entries are configured in
the system.
DynamicSelect Intrusion Detection > Traffic Abnormality > SYN Flood,
and then select the Add protected IP entry to TCP Proxy check box. After
the configuration, the TCP proxy-enabled device automatically adds
protected IP address entries when detecting SYN flood attacks. For more
information, see "
287HConfiguring traffic abnormality detection."
You can configure a maximum of 250 protected IP addresses for each
security zone through Web.
4. Configure to
automatically add a
protected IP address entry
5. 288HDisplaying information
about protected IP
address entries
Optional.
140BPerforming global TCP proxy setting
1. From the navigation tree, select Intrusion Detection > TCP Proxy > TCP Proxy Configuration to enter
the page shown in
289HFigure 25.
2. In the Global Configuration area, select Unidirection or Bidirection for TCP proxy.
3. Click Apply.
Figure 25 TCP proxy configuration
141BEnabling TCP Proxy for a security zone
1. From the navigation tree, select Intrusion Detection > TCP Proxy > TCP Proxy Configuration to enter
the page as shown in
290HFigure 25.
2. In the Zone Configuration area, click Enable to enable the TCP proxy feature for a target zone.