R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Connection limit
When an internal user initiates a large number of connections to a host on the external network in a short
period of time, system resources on the module are quickly exhausted, leaving the module unable
to service other users. In addition, if an internal server receives large quantities of connection requests in
a short period of time, the server cannot process normal connection requests from other hosts.
To protect internal network resources (including hosts and servers) and distribute resources of the module
reasonably, you can set connection limits based on source or destination IP addresses for security zones.
When a limit based on source or destination IP address is reached or exceeded, the module will output
an alarm log and discard subsequent connection requests from or to the IP address.
Scanning detection
A scanning attack probes the addresses and ports on a network to identify the hosts attached to the
network and application ports available on the hosts and to figure out the topology of the network, so as
to get ready for further attacks.
Scanning detection detects scanning attempts by tracking the rates at which connections are initiated to
protected systems. Usually, it is deployed on the module for the external security zone and takes effect for
packets from the security zone.
If the module detects that the connection rate of an IP address has reached or exceeded the threshold, it
outputs an attack alarm log, blocks subsequent connection requests from the IP address, and
blacklists the IP address, depending on your configuration.
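The rate-tracking behavior described above can be modeled offline to see how a threshold separates a port sweep from ordinary client traffic. The following Python model is an added example, not HP's implementation: the one-second sliding window, the class and function names, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Per-source connection-rate tracker (illustrative model, hypothetical names)."""

    def __init__(self, threshold, window_ms=1000, blacklist=True):
        self.threshold = threshold        # connections per window that trigger detection
        self.window_ms = window_ms        # assumed measurement window
        self.use_blacklist = blacklist    # blacklisting is optional, per configuration
        self.recent = defaultdict(deque)  # src IP -> timestamps of recent attempts
        self.alarmed, self.blacklisted, self.alarms = set(), set(), []

    def on_connection(self, ts_ms, src):
        """Return True if the request is forwarded, False if it is dropped."""
        if src in self.blacklisted:
            return False
        q = self.recent[src]
        q.append(ts_ms)
        while ts_ms - q[0] >= self.window_ms:   # expire attempts outside the window
            q.popleft()
        if len(q) < self.threshold:
            return True
        if src not in self.alarmed:             # one alarm log entry per source
            self.alarmed.add(src)
            self.alarms.append((ts_ms, src, len(q)))
        if self.use_blacklist:
            self.blacklisted.add(src)
        return False                            # rate at or above threshold: drop

def sample_events():
    """Constructed traffic: one source sweeping ports, one ordinary client."""
    sweep = [(i * 50, "203.0.113.7", "10.0.0.5", 20 + i) for i in range(10)]
    client = [(t, "198.51.100.20", "10.0.0.5", 443) for t in (100, 1200, 2500)]
    return sorted(sweep + client)

def replay(detector, events):
    """Feed events in time order; return {src: [forwarded, dropped]}."""
    stats = defaultdict(lambda: [0, 0])
    for ts_ms, src, _dst, _dport in events:
        stats[src][0 if detector.on_connection(ts_ms, src) else 1] += 1
    return dict(stats)

if __name__ == "__main__":
    det = ScanDetector(threshold=5)
    print(replay(det, sample_events()))
    print(det.alarms, sorted(det.blacklisted))
```

With blacklisting disabled in this model, a flagged source is forwarded again once its rate falls back below the threshold; with blacklisting enabled it stays blocked.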
Configuring traffic abnormality detection
Configuring traffic abnormality detection involves the following:
• Configuring ICMP flood detection
• Configuring UDP flood detection
• Configuring SYN flood detection
• Configuring connection limit
• Configuring scanning detection
Configuring ICMP flood detection
NOTE:
ICMP flood detection is mainly intended to protect servers and is usually configured for an internal zone.
Select Security > Intrusion Detection from the navigation tree and then select the ICMP Flood tab to enter
the ICMP flood detection configuration page, as shown in Figure 24. You can select a security zone and
then view and configure ICMP flood detection rules for the security zone.