F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Configuring user validity check ··························································································································· 58

Configuring ARP packet validity check ··············································································································· 59

Configuring ARP restricted forwarding ··············································································································· 59

Displaying and maintaining ARP detection ········································································································ 60

Configuring ARP automatic scanning and fixed ARP ································································································· 60

Configuring the ARP automatic scanning and fixed ARP in the Web interface ······················································ 60

Configuring the ARP automatic scanning and fixed ARP at the CLI ································································ 63

Configuring TCP attack protection ···························································································································· 64

Overview ········································································································································································· 64

Enabling the SYN Cookie feature ································································································································ 64

Enabling protection against Naptha attacks ··············································································································· 65

Displaying and maintaining TCP attack protection ···································································································· 65

Configuring ND attack defense ································································································································ 66

Feature and hardware compatibility ···························································································································· 66

Enabling source MAC consistency check for ND packets ························································································· 67

Configuring firewall ··················································································································································· 68

ACL based packet filter········································································································································· 68

ASPF ········································································································································································ 69

Configuring an IPv6 packet-filter firewall ···················································································································· 71

IPv6 packet-filter firewall configuration task list ································································································· 71

Enabling the IPv6 firewall function ······················································································································ 71

Configuring the default filtering action of the IPv6 firewall ·············································································· 71

Configuring packet filtering on an interface ······································································································ 72

Configuring an ASPF ····················································································································································· 73

ASPF configuration task list ·································································································································· 73

Configuring port mapping ···································································································································· 73

Enabling ASPF for an interzone instance············································································································ 73

Displaying ASPF ···················································································································································· 74

ASPF configuration example ································································································································ 74

Configuring content filtering ······································································································································ 75

HTTP packet content filtering ································································································································ 75

SMTP packet content filtering ······························································································································· 76

POP3 packet content filtering ······························································································································· 76

FTP packet content filtering ··································································································································· 76

Telnet packet content filtering······························································································································· 77

Configuration guidelines ··············································································································································· 77

Configuring content filtering in the Web interface ····································································································· 78

Recommended configuration procedure ············································································································· 78

Configuring a keyword filtering policy ··············································································································· 78

Configuring a content filtering policy ·················································································································· 85

Configuring a content filtering policy template ·································································································· 92

Displaying content filtering statistics ···················································································································· 94

Content filtering configuration example ·············································································································· 94

Configuring content filtering at the CLI ······················································································································ 235H105

95HContent filtering configuration task list ·············································································································· 236H105

96HDisplaying and maintaining content filtering ··································································································· 237H114

97HInterzone content filtering configuration example ···························································································· 238H114

98HConfiguring URPF ···················································································································································· 239H118

99HOverview ······································································································································································· 240H118