F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Item: Description
Lifetime(min): Lifetime for the IP address entry under protection. This item is displayed as for static IP address entries. When the time reaches 0, the protected IP address entry is deleted.
Number of Rejected: Number of TCP connection requests that matched the protected IP address entry but were proved to be illegitimate.
TCP proxy configuration example
Network requirements
As shown in Figure 28, configure bidirectional TCP proxy on Firewall to protect Server A, Server B, and
Server C against SYN flood attacks.
Add a protected IP address entry for Server A manually and configure dynamic TCP proxy for the other
servers.
Figure 28 Network diagram
Configuring Firewall
1. Assign IP addresses for the interfaces and then add interface GigabitEthernet 1/1 to zone Untrust,
and GigabitEthernet 1/2 to zone Trust. (Details not shown.)
2. Set the TCP proxy mode to bidirectional and enable TCP proxy for zone Untrust:
a. From the navigation tree, select Intrusion Detection > TCP Proxy > TCP Proxy Configuration.