F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
The output shows that in security zone trust, a large number of UDP packets are destined for 10.1.1.2, and
the session establishment rate has exceeded the specified threshold. Therefore, you can determine that
the server is under a UDP flood attack. You can use the display attack-defense statistics command to
view the related statistics collected after the UDP flood protection function takes effect.
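The threshold check described above, as an added example that is not part of the HP guide: it parses the session statistics output and reports each protocol whose session establishment rate exceeds a limit. The function names and the threshold values are assumptions; the guide does not state the configured threshold.

```python
import re

# Constructed sample: the statistics output shown above, as captured CLI text.
SAMPLE = """\
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
"""

# One "name : value" pair per line; rates carry a trailing "/s".
LINE = re.compile(r"^\s*([^:]+?)\s*:\s*(\d+)(?:/s)?\s*$")

def parse_stats(text):
    """Return {field name: int} for every 'name : value[/s]' line."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats

def flood_suspects(stats, thresholds):
    """List (protocol, rate, threshold, share of all new sessions) for each
    protocol whose session establishment rate exceeds its threshold."""
    total = stats.get("Session establishment rate", 0)
    hits = []
    for proto, limit in thresholds.items():
        rate = stats.get(f"{proto} session establishment rate")
        if rate is not None and rate > limit:
            share = round(rate / total, 2) if total else 0.0
            hits.append((proto, rate, limit, share))
    return hits

if __name__ == "__main__":
    # Hypothetical per-protocol thresholds (sessions/s), chosen for illustration.
    limits = {"TCP": 1000, "UDP": 1000, "ICMP": 500}
    for proto, rate, limit, share in flood_suspects(parse_stats(SAMPLE), limits):
        print(f"{proto}: {rate}/s exceeds {limit}/s ({share:.0%} of new sessions)")
```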
TCP proxy configuration example
Network requirements
Configure a bidirectional TCP proxy on Firewall to protect Server A, Server B, and Server C from SYN
flood attacks.
Add the IP address of Server A as a static protected IP and protect other servers dynamically.
Figure 44 Network diagram
Configuration procedure
# Specify IP addresses for interfaces and add them into security zones. (Details not shown.)
# Configure the operating mode of TCP Proxy as bidirectional.
[Firewall] undo tcp-proxy mode unidirection
# Configure TCP proxy for IP address 192.168.1.10 and port number 21.
[Firewall] tcp-proxy protected-ip 192.168.1.10 21
# Enable TCP proxy for security zone untrust.
[Firewall] zone name untrust
[Firewall-zone-untrust] tcp-proxy enable
[Firewall-zone-untrust] quit
# Create attack protection policy 1.
[Figure 44 labels: Internet; Firewall; GE0/1; GE0/2; Server A 192.168.1.10/24; Server B; Server C; 202.1.0.1/16; 192.168.1.1/16; zones Trust and Untrust]