R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
17
Figure 17 SYN flood detection configuration page
To configure SYN flood detection, follow these steps:
1. In the Attack Prevention Policy area, specify the protection actions to be taken upon detection of a
SYN flood attack. If you do not select any option, the firewall only collects SYN flood attack
statistics. The available protection actions include:
{ Discard packets when the specified attack is detected. If detecting that a protected object in the
security zone is under SYN flood attack, the firewall drops the TCP connection requests to the
protected host to block subsequent TCP connections.
{ Add protected IP entry to TCP Proxy. If detecting that a protected object in the security zone is
under SYN flood attack, the firewall adds the target IP address to the protected IP list on the TCP
proxy as a dynamic one, setting the port number as any. If TCP proxy is configured for the
security zone, all TCP connection requests to the IP address will be processes by the TCP proxy
until the protected IP entry gets aged out. If you select this option, configure the TCP proxy
feature on the page you can enter after selecting Intrusion Detection > TCP Proxy.
2. In the SYN Flood Configuration area, view the configured SYN flood detection rules, or click Add
to enter the page shown in Figure 18 to
configure a SYN flood detection rule. Table 8 describes
the configuration items.
Figure 18 Adding a SYN flood detection rule