Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
35
64BCreating an attack protection policy
Before configuring attack protection functions for a security zone, you need to create an attack protection
policy and enter its view. In attack protection policy view, you can define one or more signatures used for
attack detection and specify the corresponding protection measures.
When creating an attack protection policy, you can also specify a security zone so that the security zone
uses the policy exclusively.
To create an attack protection policy:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Enter VD system view.
switchto vd vd-name Required for a non-default VD.
3. Create an attack protection
policy and enter attack
protection policy view.
attack-defense policy
policy-number [ zone zone-name ]
By default, no attack protection
policy is created.
65BEnabling attack protection logging
After the attack protection policy is created, you can enable attack protection logging to record
single-packet attacks, scanning attacks, and flood attacks for adjusting network management strategies.
To enable attack protection logging:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable attack
protection logging.
attack-defense
logging enable
Optional.
By default, attack protection logging is disabled.
66BConfiguring an attack protection policy
In an attack protection policy, you can specify the signatures for attack detection and the corresponding
protection measures according to the security requirements of your network.
Different types of attack protection policies have different configurations, which are described below in
terms of single-packet attacks, scanning attacks, and flood attacks.
153BConfiguring a single-packet attack protection policy
The single-packet attack protection function determines whether a packet is an attack packet mainly by
analyzing the characteristics of the packet. It is usually applied to security zones connecting external
networks, and inspects only the inbound packets of the security zones. If detecting an attack packet, the
device outputs an alarm log by default and, depending on your configuration, drop or forward the
packet.
To configure a policy for preventing single-packet attacks:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A