Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
18
Table 8 Configuration items
Item Descri
p
tion
Protected Host
Configuration
IP Address
Specify the IP address of the protected host.
Action Threshold
Set the protection action threshold for SYN flood attacks that
target the protected host.
If the sending rate of SYN packets destined for the specified IP
address constantly reaches or exceeds this threshold, the
firewall enters the attack protection state and takes attack
protection actions as configured.
Silent Threshold
Set the silent threshold for actions that protect against SYN
flood attacks targeting the protected host.
If the sending rate of SYN packets destined for the specified IP
address drops below this threshold, the firewall returns to the
attack detection state and stops the protection actions.
Global Configuration
of Security Zone
Action Threshold
Set the protection action threshold for SYN flood attacks that
target a host in the protected security zone.
If the sending rate of SYN packets destined for a host in the
security zone constantly reaches or exceeds this threshold, the
firewall enters the attack protection state and takes attack
protection actions as configured.
Silent Threshold
Set the silent threshold for actions that protect against SYN
flood attacks targeting a host in the protected security zone.
If the sending rate of SYN packets destined for a host in the
security zone drops below this threshold, the firewall returns to
the attack detection state and stops the protection actions.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
Configuring connection limit
From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit to enter the
connection limit configuration page, as shown in Figure 19. Y
ou can select a security zone and then view
and configure the connection limit for the security zone. Table 9 des
cribes the connection limit
configuration items.
Figure 19 Connection limit configuration page