Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Attack Protection Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
12345678910
7
syn-received: SYN_RECEIVED state of a TCP connection.
connection-number number: Maximum number of TCP connections in a certain state. The argument
number is in the range of 0 to 500.
Description
Use tcp state to configure the maximum number of TCP connections in a state. When this number is
exceeded, the aging of TCP connections in this state will be accelerated.
Use undo tcp state to restore the default.
By default, the maximum number of TCP connections in each state is 5.
You need to enable the protection against Naptha attack before executing this command. Otherwise, an
error will be prompted.
You can respectively configure the maximum number of TCP connections in each state.
If the maximum number of TCP connections in a state is 0, the aging of TCP connections in this state will
not be accelerated.
Related commands: tcp anti-naptha enable.
Examples
# Set the maximum number of TCP connections in the ESTABLISHED state to 100.
<Sysname> system-view
[Sysname] tcp anti-naptha enable
[Sysname] tcp state established connection-number 100
tcp syn-cookie enable
Syntax
tcp syn-cookie enable
undo tcp syn-cookie enable
View
System view
Default level
2: System level
Parameters
None
Description
Use tcp syn-cookie enable to enable the SYN Cookie feature to protect the device against SYN Flood
attacks.
Use undo tcp syn-cookie enable to disable the SYN Cookie feature.
By default, the SYN Cookie feature is enabled.
Examples
# Enable the SYN Cookie feature.
<Sysname> system-view
[Sysname] tcp syn-cookie enable