R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Figure 7 Configuring scanning detection for the untrusted zone
9. Select security zone Untrust, select the Enable Scanning Detection option, set the scanning
threshold to 4500, select the Add the source IP to the blacklist option, and Click.
Verifying the configuration
• Select Intrusion Detection > Blacklist from the navigation tree to display the list. Check whether the manually added blacklist entries appear on the blacklist.
• Check whether Firewall discards all packets from Host D before you remove the blacklist entry for the host.
• Check whether Firewall discards all packets from Host C within 50 minutes. After 50 minutes, check whether Firewall forwards packets from Host C normally.
• Check whether Firewall outputs an alarm log and adds the IP address to the blacklist when detecting a scanning attack from the untrusted zone. You can select Intrusion Detection > Blacklist from the navigation tree to check the blacklist for the entry.