R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
entry gets aged out. If you select this option, it is good practice to also configure the TCP proxy feature
on the page that you enter by selecting Intrusion Detection > TCP Proxy.
2. In the SYN Flood Configuration section, view the configured SYN flood detection rules, or click
Add to enter the page shown in Figure 11 to configure a SYN flood detection rule.
Figure 11 Add a SYN flood detection rule
Table 8 SYN flood detection configuration items
| Item | Description |
|---|---|
| Protected Host Configuration: IP Address | Specify the IP address of the protected host. |
| Protected Host Configuration: Connection Rate Threshold | Set the maximum TCP connection rate for the IP address. |
| Protected Host Configuration: Half Connection Count | Set the maximum number of the half-open TCP connections that can be present for the IP address. |
| Global Configuration of Security Zone: Connection Rate Threshold | Set the global maximum TCP connection rate for each host in the current security zone. |
| Global Configuration of Security Zone: Half Connection Count | Set the global maximum number of half-open TCP connections that can be present for each host in the current security zone. |
NOTE:
• In a security zone, you can configure multiple protected hosts and one global connection rate threshold.
• For a host, the host-specific setting overrides the global setting of the security zone if a conflict
occurs.
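The two thresholds in Table 8 and the override rule in the note above, modeled as an added Python example (not HP's code and not the firewall's implementation). It assumes the connection rate is counted as SYNs per one-second window; all addresses and threshold values are constructed.

```python
from collections import defaultdict, deque

# Constructed values; the keys mirror the two thresholds in Table 8.
ZONE_GLOBAL = {"rate": 5, "half_open": 4}   # every host in the security zone
PROTECTED_HOSTS = {"192.0.2.10": {"rate": 50, "half_open": 3}}  # host-specific rule

def effective_limits(dst):
    """The host-specific rule overrides the zone's global rule."""
    return PROTECTED_HOSTS.get(dst, ZONE_GLOBAL)

def detect(events, window=1.0):
    """events: (time, src, sport, dst, kind); kind is 'SYN' or 'ACK' (handshake done).
    Returns a sorted list of (dst, reason) for every threshold that was exceeded."""
    syn_times = defaultdict(deque)   # dst -> timestamps of SYNs inside the window
    half_open = defaultdict(set)     # dst -> {(src, sport)} still waiting for the ACK
    alerts = set()
    for t, src, sport, dst, kind in sorted(events):
        limits = effective_limits(dst)
        if kind == "SYN":
            q = syn_times[dst]
            q.append(t)
            while q and t - q[0] >= window:   # forget SYNs older than the window
                q.popleft()
            half_open[dst].add((src, sport))
            if len(q) > limits["rate"]:
                alerts.add((dst, "connection rate"))
            if len(half_open[dst]) > limits["half_open"]:
                alerts.add((dst, "half-open count"))
        elif kind == "ACK":                   # handshake completed
            half_open[dst].discard((src, sport))
    return sorted(alerts)

def sample_events():
    """Constructed traffic for one protected host and one ordinary zone host."""
    ev = []
    for i in range(4):   # protected host: 4 SYNs that are never completed
        ev.append((i * 0.1, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", "SYN"))
    for i in range(6):   # zone host: 6 complete handshakes in under a second
        ev.append((i * 0.1, "203.0.113.7", 50000 + i, "192.0.2.20", "SYN"))
        ev.append((i * 0.1 + 0.05, "203.0.113.7", 50000 + i, "192.0.2.20", "ACK"))
    return ev

if __name__ == "__main__":
    for dst, reason in detect(sample_events()):
        print(f"{dst}: {reason} threshold exceeded")
```

The protected host trips only because its host-specific half-open limit (3) replaces the zone's global limit (4); the ordinary host is judged against the global rate limit.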
Configuring connection limits
From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit to enter the
connection limit configuration page, as shown in Figure 12. You can select a security zone and then view
and configure the connection limit for the security zone.