F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Contents
Configuring attack detection and protection
Overview
Types of network attacks the device can defend against
Connection limit
Blacklist function
Traffic statistics function
TCP proxy
Intrusion detection statistics
Configuring attack detection and protection in the Web interface
Configuring packet inspection
Packet inspection configuration example
Configuring traffic abnormality detection
Traffic abnormality detection configuration example
Configuring TCP proxy
TCP proxy configuration example
Configuring blacklist
Blacklist configuration example
Displaying intrusion detection statistics
Configuring the attack detection and protection at the CLI
Attack detection and protection configuration task list
Creating an attack protection policy
Enabling attack protection logging
Configuring an attack protection policy
Applying an attack protection policy to a security zone
Configuring TCP proxy
Configuring the blacklist function
Displaying and maintaining attack detection and protection
Attack protection functions on security zones configuration example
Blacklist configuration example
Traffic statistics configuration example
TCP proxy configuration example
Configuring ARP attack protection
Overview
ARP attack protection configuration task list
Configuring unresolvable IP attack protection
Configuring ARP source suppression
Enabling ARP black hole routing
Displaying and maintaining ARP source suppression
Unresolvable IP attack protection configuration example
Configuring source MAC based ARP attack detection
Displaying and maintaining source MAC based ARP attack detection
Source MAC based ARP attack detection configuration example
Configuring ARP packet source MAC consistency check
Configuring ARP active acknowledgement
Configuring periodic sending of gratuitous ARP packets
Configuration restrictions and guidelines
Configuring periodic sending of gratuitous ARP packets
Configuring ARP detection