R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
8
1. From the navigation tree, select Device Management > Interface.
2. Assign IP address 192.168.1.2/24 to interface GigabitEthernet 0/0.
3. Assign IP address 10.110.1.2/24 to interface GigabitEthernet 0/1.
4. Assign IP address 202.1.0.1/24 to interface GigabitEthernet 0/2.
# Assign the interfaces to security zones.
1. From the navigation tree, select Device Management > Zone.
2. Assign interface GigabitEthernet 0/0 to the trusted zone.
3. Assign interface GigabitEthernet 0/1 to the DMZ zone.
4. Assign interface GigabitEthernet 0/2 to the untrusted zone.
# Enable the Land attack packet inspection function for the untrusted zone.
1. From the navigation tree, select Intrusion Detection > Packet Inspection.
2. Select Untrust from the Zone dropdown list.
3. Select Discard Packets when the specified attack is detected.
4. Select Enable Land Attack Detection.
5. Click Apply to complete the configuration.
Configuration verification
Now, the firewall should be able to output alarm logs when interface GigabitEthernet 0/2 receives
packets with the Land attack characteristics and drop the packets.