R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
41
Task Remarks
Adding a protected IP address
entry
At least one method is required.
You can add protected IP address entries by either of the methods:
• Static: Add entries manually. By default, no such entries are configured in
the system.
• Dynamic: Select Security > Intrusion Detection from the navigation tree
and then select the SYN Flood tab. Select the Add protected IP entry to TCP
Proxy check box. After the configuration, the TCP proxy-enabled LB
module will automatically add protected IP address entries when detecting
SYN flood attacks.
Configure to Automatically
Add a Protected IP address
Entry
Displaying information about
protected IP address entries
Optional
You can view information about all protected IP address entries.
Performing global TCP proxy setting
Select Security > Intrusion Detection from the navigation tree and then select the TCP Proxy Configuration
tab to enter the page shown in Figure 44. T
he Global Configuration area allows you to perform global
setting for TCP proxy.
Figure 44 TCP proxy configuration
Table 17 describes the global configuration items of TCP proxy.
Table 17 Global configuration items of TCP proxy
Item Descri
p
tion
Unidirection/Bidirediction
Set the global proxy mode of TCP proxy.
Return to TCP proxy configuration task list.
Enabling TCP proxy for a security zone
Select Security > Intrusion Detection from the navigation tree and then select the TCP Proxy Configuration
tab to enter the page shown in Figure 44.
You can enable/disable the TCP proxy feature for a security
zone in the Zone Configuration area.
• The icon indicates that the TCP proxy feature is disabled for the corresponding security zone.
You can click the Enable button beside the icon to enable the feature.