R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

between the client and the server. After the TCP connection is established, the TCP proxy forwards the
subsequent packets of the connection without additional processing.
Bidirectional proxy
Figure 20 shows the data exchange process of bidirectional proxy.
Figure 20 Data exchange process of bidirectional proxy
After receiving a SYN message from a client to the protected server (that is, a message that matches a
protected IP address entry), the TCP proxy sends back a SYN ACK message with a window size of 0 on
behalf of the server. If the client is legitimate, the TCP proxy receives an ACK message and then sets
up a connection between itself and the server through a three-way handshake on behalf of the client.
Because two TCP connections are established, they use different sequence numbers. The TCP proxy
translates these sequence numbers when exchanging data between the client and the server.
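The sequence number translation described above, as an added example (not code from this guide or from the firewall). It assumes the proxy reuses the client's initial sequence number on its own connection to the server, so only the server-side numbering needs shifting; the class and method names are hypothetical and the values are constructed.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class ProxiedFlow:
    """Per-connection state a bidirectional TCP proxy would keep (hypothetical names)."""

    def __init__(self, client_isn, proxy_isn):
        self.client_isn = client_isn  # from the client's SYN
        self.proxy_isn = proxy_isn    # chosen by the proxy for its SYN ACK
        self.delta = None             # server ISN - proxy ISN, unknown until the server answers

    def client_ack_valid(self, seq, ack):
        """A legitimate client completes the handshake with exactly these numbers."""
        return (seq == (self.client_isn + 1) % MOD
                and ack == (self.proxy_isn + 1) % MOD)

    def server_handshake_done(self, server_isn):
        """Record the offset between the server's numbering and the proxy's."""
        self.delta = (server_isn - self.proxy_isn) % MOD

    def client_to_server(self, seq, ack):
        """Client ACKs refer to the proxy's numbering; shift them into the server's."""
        self._require_delta()
        return seq, (ack + self.delta) % MOD

    def server_to_client(self, seq, ack):
        """Server sequence numbers are shifted back into the numbering the client saw."""
        self._require_delta()
        return (seq - self.delta) % MOD, ack

    def _require_delta(self):
        if self.delta is None:
            raise RuntimeError("server-side handshake not completed")


def demo():
    # Constructed sample values; the proxy ISN sits near the wrap point on purpose.
    flow = ProxiedFlow(client_isn=1000, proxy_isn=0xFFFFFFF0)
    assert flow.client_ack_valid(1001, 0xFFFFFFF1)
    flow.server_handshake_done(server_isn=0x20)
    to_server = flow.client_to_server(seq=1001, ack=0xFFFFFFF1)
    to_client = flow.server_to_client(seq=0x21 + 100, ack=1001)
    return to_server, to_client


if __name__ == "__main__":
    print(demo())
```
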
Configuring TCP proxy
Configuration task list
Perform the tasks in Table 12 to configure TCP proxy.
Table 12 TCP proxy configuration task list
Task                                     Remarks
Performing global TCP proxy setting      Optional. The configuration takes effect on all security zones. By default, bidirectional proxy is used.
Enabling TCP proxy for a security zone   Required. By default, the TCP proxy feature is disabled globally.