R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Item                                      Description
Global Configuration of Security Zone
  Connection Rate Threshold               Set the global maximum UDP connection rate for each host in the current security zone.

NOTE:
In a security zone, you can configure multiple protected hosts and one global connection rate threshold. For a host, the host-specific setting takes precedence over the global setting of the security zone in case a conflict occurs.
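The precedence rule above (a host-specific threshold overrides the zone-wide one) and the three SYN flood protection actions described in the next section are easy to misread until you see them applied to traffic. The following Python model is an added example written for this guide; it is not HP firewall code and makes no claim about how the device implements these features. The security zone name, host addresses, thresholds, the action names "drop", "reset" and "proxy" (standing in for the three check boxes in the Attack Prevention Policy section), and the traffic are all constructed for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set, Tuple

# Constructed model (not the firewall's own code): one security zone with a
# global per-host UDP connection rate threshold plus host-specific overrides,
# and a SYN flood guard that applies the configured protection actions.


@dataclass
class SecurityZone:
    name: str
    global_udp_rate: int                                         # conn/s, every host
    host_udp_rate: Dict[str, int] = field(default_factory=dict)  # per-host overrides

    def effective_udp_rate(self, host: str) -> int:
        """Host-specific threshold wins over the zone-wide one when both exist."""
        return self.host_udp_rate.get(host, self.global_udp_rate)


class UdpRateMonitor:
    """Sliding one-second window of new UDP connections per destination host."""

    def __init__(self, zone: SecurityZone, window: float = 1.0):
        self.zone, self.window = zone, window
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def observe(self, ts: float, dst: str) -> Optional[Tuple[str, int, int]]:
        """Return (host, rate, threshold) when dst exceeds its threshold, else None."""
        q = self._events[dst]
        q.append(ts)
        while q and ts - q[0] >= self.window:   # expire events outside the window
            q.popleft()
        limit = self.zone.effective_udp_rate(dst)
        return (dst, len(q), limit) if len(q) > limit else None


def first_udp_alerts(zone: SecurityZone, events: List[Tuple[float, str]]) -> Dict[str, Tuple[str, int, int]]:
    """Feed (timestamp, dst_host) events and keep the first alert raised per host."""
    mon, alerts = UdpRateMonitor(zone), {}
    for ts, host in sorted(events):
        hit = mon.observe(ts, host)
        if hit and hit[0] not in alerts:
            alerts[hit[0]] = hit
    return alerts


class SynFloodGuard:
    """Half-open (SYN seen, handshake not completed) connection tracking per
    protected host. Actions are a subset of {"drop", "reset", "proxy"}; with none
    selected the guard only counts attacks, matching the guide's default."""

    def __init__(self, threshold: int, actions: Set[str]):
        self.threshold, self.actions = threshold, set(actions)
        self.half_open: Dict[str, Deque[str]] = defaultdict(deque)  # dst -> src queue
        self.blocked: Set[str] = set()   # "drop": later SYNs to these hosts are discarded
        self.proxied: Set[str] = set()   # "proxy": dynamic TCP-proxy entries, port any
        self.attack_count: Dict[str, int] = defaultdict(int)

    def on_syn(self, dst: str, src: str) -> str:
        if dst in self.blocked:
            return "dropped"
        self.half_open[dst].append(src)
        if len(self.half_open[dst]) <= self.threshold:
            return "accepted"
        self.attack_count[dst] += 1
        taken = []
        if "reset" in self.actions:   # release the oldest half-open slot, keep accepting
            self.half_open[dst].popleft()
            taken.append("reset-oldest")
        if "proxy" in self.actions:
            self.proxied.add(dst)
            taken.append("added-to-tcp-proxy")
        if "drop" in self.actions:
            self.blocked.add(dst)
            taken.append("blocked")
        return ",".join(taken) or "stats-only"

    def on_ack(self, dst: str, src: str) -> None:
        """Handshake completed: the connection is no longer half-open."""
        if src in self.half_open[dst]:
            self.half_open[dst].remove(src)


# Constructed traffic: 8 UDP conn/s to 10.1.1.10 (global limit 5) and to
# 10.1.1.20 (host-specific limit 20, so no alert is expected there).
ZONE = SecurityZone("Trust", global_udp_rate=5, host_udp_rate={"10.1.1.20": 20})
UDP_EVENTS = [(i * 0.1, h) for i in range(8) for h in ("10.1.1.10", "10.1.1.20")]


def syn_flood_demo(actions: Set[str]) -> Tuple[str, int, bool, bool]:
    """Send 4 SYNs to a host with threshold 3; report the 4th SYN's outcome, the
    remaining half-open count, and whether the host was blocked / proxied."""
    guard = SynFloodGuard(threshold=3, actions=actions)
    outcome = [guard.on_syn("10.1.1.10", f"198.51.100.{i}") for i in range(1, 5)][-1]
    return outcome, len(guard.half_open["10.1.1.10"]), "10.1.1.10" in guard.blocked, "10.1.1.10" in guard.proxied


if __name__ == "__main__":
    print(first_udp_alerts(ZONE, UDP_EVENTS))
    for acts in ({"reset"}, {"drop"}, {"proxy"}, set()):
        print(sorted(acts), syn_flood_demo(acts))
```

Running the module shows the two behaviours side by side: 10.1.1.10 trips the zone-wide UDP threshold of 5 while 10.1.1.20, with its own threshold of 20, never does, and the same four-SYN burst is handled differently depending on which protection action is selected (reset keeps accepting but frees the oldest half-open slot, drop blocks the host, proxy hands the host to the TCP proxy, and no selection only counts).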
Configuring SYN flood detection
From the navigation tree, select Intrusion Detection > Traffic Abnormality > SYN Flood to enter the SYN
flood detection configuration page, as shown in Figure 10. You
can select a security zone and then view
and configure SYN flood detection rules for the security zone.
Figure 10 SYN flood detection configuration page
Do the following to configure SYN flood detection:
1. In the Attack Prevention Policy section, specify the protection actions to be taken upon detection of
a SYN flood attack. If you do not select any option, the firewall only collects SYN flood attack
statistics. The available protection actions include:
- Discard packets when the specified attack is detected: If detecting that a protected object in the
security zone is under SYN flood attack, the firewall drops the TCP connection requests to the
protected host to block subsequent TCP connections.
- Send Reset packet to the attacked host: If detecting that a protected object in the security zone is
under SYN flood attack, the firewall releases the oldest half-open connection resources of the
protected object but does not block connection requests.
- Add protected IP entry to TCP Proxy: If detecting that a protected object in the security zone is under
SYN flood attack, the firewall adds the target IP address to the protected IP list on the TCP proxy as
a dynamic one, setting the port number as any. If TCP proxy is configured for the security zone, all
TCP connection requests to the IP address will be processed by the TCP proxy until the protected IP