F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Ste

Command

Remarks

2. Enter VD system view. switchto vd vd-name Required for a non-default VD.

3. Enable the blacklist function.

blacklist enable Disabled by default.

4. Add a blacklist entry.

blacklist ip

source-ip-address

[ timeout minutes ]

Optional.

The scanning attack protection function can

add blacklist entries automatically.

You can add blacklist entries manually, or configure the device to automatically add the IP addresses of

detected scanning attackers to the blacklist. For the latter purpose, enable the blacklist function for the

device, the scanning attack protection function, and the blacklist function for scanning attack protection.

The blacklist entries added by the scanning attack protection function will be aged after the aging time,

which is configurable. For the configuration of scanning attack protection, see "

319HConfiguring a scanning

attack protection policy."

156BEnabling traffic statistics for a security zone

To collect traffic statistics on a security zone, you need to enable the traffic statistics function on the

security zone. The device supports traffic statistics in the following modes:

• By direction, inbound, or outbound of a security zone—Collect statistics on packets that enter or

leave a security zone.

• By source or destination IP address—Collect statistics on packets sent to a security zone by source

IP addresses or on packets sent from a security zone by destination IP addresses.

To enable traffic statistics on a security zone:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Enter VD system view.

switchto vd vd-name Required for a non-default VD.

3. Enter security zone view.

zone name zone-name id zone-id N/A

4. Enable traffic statistics for the

security zone.

flow-statistics enable

{ destination-ip | inbound |

outbound | source-ip }

Disabled by default.

70BDisplaying and maintaining attack detection and protection

Task Command

Remarks

Display the attack protection

statistics of a security zone.

display attack-defense statistics [ vd

vd-name ] zone zone-name [ | { begin |

exclude | include } regular-expression ]

Available in any view.

Display the configuration

information about one or all attack

protection policies.

display attack-defense policy

[ policy-number ] [ vd vd-name ] [ | { begin |

exclude | include } regular-expression ]

Available in any view.

Display information about blacklist

entries.

display blacklist { all | ip sour-address } [ vd

vd-name ] [ | { begin | exclude | include }

regular-expression ]

Available in any view.