HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Configuring ARP detection ············································································································································ 57

Configuring user validity check ··························································································································· 57

Configuring ARP packet validity check ··············································································································· 58

Configuring ARP restricted forwarding ··············································································································· 58

Displaying and maintaining ARP detection ········································································································ 59

Configuring ARP automatic scanning and fixed ARP ································································································· 59

Configuring the ARP automatic scanning and fixed ARP in the Web interface ······················································ 59

Configuring the ARP automatic scanning and fixed ARP at the CLI ································································ 62

Configuring TCP attack protection ···························································································································· 63

Overview ········································································································································································· 63

Enabling the SYN Cookie feature ································································································································ 63

Enabling protection against Naptha attacks ··············································································································· 64

Displaying and maintaining TCP attack protection ···································································································· 64

Configuring ND attack defense ································································································································ 65

Enabling source MAC consistency check for ND packets ························································································· 66

Configuring firewall ··················································································································································· 67

ACL based packet filter········································································································································· 67

ASPF ········································································································································································ 68

Configuring an IPv6 packet-filter firewall ···················································································································· 70

IPv6 packet-filter firewall configuration task list ································································································· 70

Enabling the IPv6 firewall function ······················································································································ 70

Configuring the default filtering action of the IPv6 firewall ·············································································· 70

Configuring packet filtering on an interface ······································································································ 70

Configuring an ASPF ····················································································································································· 71

ASPF configuration task list ·································································································································· 72

Configuring port mapping ···································································································································· 72

Enabling ASPF for an interzone instance············································································································ 72

Displaying ASPF ···················································································································································· 73

ASPF configuration example ································································································································ 73

Configuring content filtering ······································································································································ 74

HTTP packet content filtering ································································································································ 74

SMTP packet content filtering ······························································································································· 75

POP3 packet content filtering ······························································································································· 75

FTP packet content filtering ··································································································································· 75

Telnet packet content filtering······························································································································· 76

Configuration guidelines ··············································································································································· 76

Configuring content filtering in the Web interface ····································································································· 77

Recommended configuration procedure ············································································································· 77

Configuring a keyword filtering policy ··············································································································· 77

Configuring a content filtering policy ·················································································································· 84

Configuring a content filtering policy template ·································································································· 91

Displaying content filtering statistics ···················································································································· 92

Content filtering configuration example ·············································································································· 93

Configuring content filtering at the CLI ······················································································································ 103

Content filtering configuration task list ·············································································································· 103

Displaying and maintaining content filtering ··································································································· 112

Interzone content filtering configuration example ···························································································· 112

Configuring URPF ···················································································································································· 117