R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Table 9 Configuration items
Item: Description
Security Zone: Select a security zone to perform connection limit configuration for it.
Discard packets when the specified attack is detected: Select this option to discard subsequent packets destined for or sourced from an IP address when the number of the connections for that IP address has exceeded the limit.
Enable connection limit per source IP / Threshold: Select the option to set the maximum number of connections that can be present for a source IP address.
Enable connection limit per dest IP / Threshold: Select the option to set the maximum number of connections that can be present for a destination IP address.
Configuring scanning detection
NOTE:
Scanning detection is intended to detect scanning behaviors and is usually configured for an external
zone.
Scanning detection can be configured to add blacklist entries automatically. If you remove such a
blacklist entry, the system does not add the entry back to the blacklist for a period of time, because
it considers the subsequent packets to be part of the same attack.
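The behavior described in this note, together with the per-source Scanning Threshold, as an added Python model (not HP's implementation and not code from this guide). The one-second rate window, the 30-second no-re-add period, the dropping of blacklisted sources, the log format and all names are assumptions; the sample lines are constructed.

```python
from collections import defaultdict, deque

class ScanDetector:
    """Toy per-source scanning detector with automatic blacklisting (times in ms)."""

    def __init__(self, threshold, window=1000, holdoff=30000):
        self.threshold = threshold    # max new connections per window for one source
        self.window = window          # assumed rate-measurement window
        self.holdoff = holdoff        # assumed no-re-add period after manual removal
        self.recent = defaultdict(deque)
        self.blacklist = set()
        self.removed_at = {}

    def remove(self, src, ts):
        """Administrator deletes an automatically added blacklist entry."""
        self.blacklist.discard(src)
        self.removed_at[src] = ts

    def observe(self, ts, src):
        """Classify one new connection from src at time ts."""
        if src in self.blacklist:
            return "dropped"          # assumed: blacklisted sources are filtered
        q = self.recent[src]
        q.append(ts)
        while ts - q[0] >= self.window:
            q.popleft()
        if len(q) <= self.threshold:
            return "pass"
        removed = self.removed_at.get(src)
        if removed is not None and ts - removed < self.holdoff:
            return "detected, not re-added"
        self.blacklist.add(src)
        return "blacklisted"

def replay(lines, detector):
    """Feed 'ms src dst:port' lines to the detector; return (src, verdict) pairs."""
    verdicts = []
    for line in lines:
        ts, src, _dst = line.split()
        verdicts.append((src, detector.observe(int(ts), src)))
    return verdicts

SCANNER, CLIENT = "198.51.100.7", "192.0.2.10"   # constructed documentation addresses

def sweep(start_ms, n=4):
    """Constructed log lines: n connections from SCANNER, 100 ms apart."""
    return [f"{start_ms + 100 * i} {SCANNER} 203.0.113.5:{20 + i}" for i in range(n)]

if __name__ == "__main__":
    det = ScanDetector(threshold=3)
    print(replay(sweep(0, 5) + [f"200 {CLIENT} 203.0.113.5:443"], det))
    det.remove(SCANNER, 5000)
    print(replay(sweep(6000) + sweep(40000), det))
```

In this model, a source that keeps scanning after its entry is removed stays off the blacklist until the hold-off ends, so removing an entry during an active scan reopens the zone to that source for that period.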
From the navigation tree, select Intrusion Detection > Traffic Abnormality > Scanning Detection to enter
the scanning detection configuration page, as shown in Figure 20. You can select a security zone and
then view and configure the scanning detection rule for the security zone. Table 10 lists the scanning
detection configuration items.
Figure 20 Scanning detection configuration page
Table 10 Configuration items
Item: Description
Security Zone: Select a security zone to perform scanning detection configuration for it.
Enable Scanning Detection: Select this option to enable scanning detection for the security zone.
Scanning Threshold: Set the maximum connection rate for a source IP address.