R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
27
Figure 28 SYN flood detection configuration page
Do the following to configure SYN flood detection:
1. In the Attack Prevention Policy area, specify the protection actions to be taken upon detection of a
SYN flood attack. If you do not select any option, the module only collects SYN flood attack
statistics. The available protection actions include:
a. Discard packets when the specified attack is detected. If detecting that a protected object in the
security zone is under SYN flood attack, the module drops the TCP connection requests to the
protected host to block subsequent TCP connections.
b. Add protected IP entry to TCP Proxy: If detecting that a protected object in the security zone is
under SYN flood attack, the module adds the target IP address to the protected IP list on the
TCP proxy as a dynamic one, setting the port number as any. If TCP proxy is configured for the
security zone, all TCP connection requests to the IP address will be processes by the TCP proxy
until the protected IP entry gets aged out. Note that if you select this option, you are
recommended to configure the TCP proxy feature on the page you can enter by selecting the
TCP Proxy Configuration tab.
2. In the SYN Flood Configuration area, view the configured SYN flood detection rules, or click Add
to enter the page shown in Figure 29 to
configure a SYN flood detection rule.