R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
23
Task Remarks
Adding a protected IP address
entry
At least one method is required.
You can add protected IP address entries by either of the methods:
• Static: Add entries manually. By default, no such entries are configured in
the system.
• Dynamic: Select Intrusion Detection > Traffic Abnormality > SYN Flood,
and then select the Add protected IP entry to TCP Proxy check box. After
the configuration, the TCP proxy-enabled device will automatically add
protected IP address entries when detecting SYN flood attacks. For more
information, see the chapter “Traffic abnormality detection configuration.”
Configure to automatically
add a protected ip address
entry
Displaying information about
protected IP address entries
Optional
You can view information about all protected IP address entries.
Performing global TCP proxy setting
Select Intrusion Detection > TCP Proxy > TCP Proxy Configuration from the navigation tree to enter the
page shown in Figure 21. The Global Configuration area allows you to perform global setting for TCP
pro
xy.
Figure 21 TCP proxy configuration
Table 13 Global configuration items of TCP proxy
Item Descri
p
tion
Unidirection/Bidirediction
Set the global proxy mode of TCP proxy.
Return to TCP proxy configuration task list.
Enabling TCP proxy for a security zone
Select Intrusion Detection > TCP Proxy > TCP Proxy Configuration from the navigation tree to enter the
page shown in Figure 21. You can enable/disable the TCP proxy feature for a security zone in the Zon
e
Configuration area.
• The icon indicates that the TCP proxy feature is disabled for the corresponding security zone.
You can click the Enable button beside the icon to enable the feature.
• The icon indicates that the TCP proxy feature is enabled for the corresponding security zone.
You can click the Disable button beside the icon to disable the feature.