HP VPN Firewall Appliances Attack Protection Configuration Guide
47
# Configure TCP proxy for IP address 192.168.1.10 and port number 21.
[Firewall] tcp-proxy protected-ip 192.168.1.10 21
# Enable TCP proxy for security zone untrust.
[Firewall] zone name untrust
[Firewall-zone-untrust] tcp-proxy enable
[Firewall-zone-untrust] quit
# Create attack protection policy 1.
<Firewall> system-view
[Firewall] attack-defense policy 1
# Enable SYN flood attack protection.
[Firewall-attack-defense-policy-1] defense syn-flood enable
# Set the global action threshold for SYN flood attack protection to 100 packets per second.
[Firewall-attack-defense-policy-1] defense syn-flood rate-threshold high 100
# Configure the device to use the TCP proxy for subsequent packets after a SYN flood attack is detected.
[Firewall-attack-defense-policy-1] defense syn-flood action trigger-tcp-proxy
[Firewall-attack-defense-policy-1] quit
# Apply policy 1 to security zone trust.
[Firewall] zone name trust
[Firewall-zone-trust] attack-defense apply policy 1
[Firewall-zone-trust] quit
Verifying the configuration
When a SYN flood attack targeting an internal server occurs, use the display tcp-proxy protected-ip
command to view information about the IP addresses protected by the TCP proxy function.
[Firewall] display tcp-proxy protected-ip
Protected IP Port number Type Lifetime(min) Rejected packets
192.168.1.10 21 Static - 20
192.168.1.11 any Dynamic 30 8
The output shows that Server A's IP address is a static entry and a dynamic entry has been added for the
attacked server.