R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Select zone Untrust.
Select the Enable Scanning Detection option.
Set the scanning threshold to 4500 connections per second.
Select the Add the source IP to the blacklist option.
Click Apply.
# Configure connection limits for the trusted zone.
From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit. The
connection limit configuration page appears, as shown in Figure 24.
Figure 24 Configuring connection limit for the trusted zone
Perform the following operations on the page:
Select zone Trust.
Select the Discard packets when the specified attack is detected option.
Select the Enable connection limit per source IP option and set the threshold to 100.
Click Apply.
# Configure connection limits for the DMZ as shown in Figure 25.
Figure 25 Configuring connection limit for the DMZ
Perform the following operations on the page:
Select zone DMZ.
Select the Discard packets when the specified attack is detected option.
Select the Enable connection limit per dest IP option and set the threshold to 10000.
Click Apply.
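
Before applying these thresholds, it helps to replay recorded connections against them to see which addresses would be blacklisted or limited. The Python sketch below is an added example, not part of the HP guide and not the firewall's own logic. The record layout, the function names, the "exceeds the threshold" comparison, and the treatment of every sampled connection as still open are assumptions.

```python
from collections import Counter

# Thresholds taken from the configuration steps above.
SCAN_RATE_UNTRUST = 4500   # connections per second from one source in zone Untrust
SRC_LIMIT_TRUST = 100      # connections per source IP in zone Trust
DST_LIMIT_DMZ = 10000      # connections per destination IP in zone DMZ

def evaluate(records):
    """Dry-run the three zone thresholds over connection records.

    Each record is (second, src_zone, src_ip, dst_zone, dst_ip), one per new
    connection. Assumptions: an address trips a limit when its count exceeds
    the threshold, and all connections in the sample are still open, so the
    per-IP totals stand in for the device's connection counts.
    """
    scan_rate = Counter()  # (src_ip, second) -> new connections from Untrust
    per_src = Counter()    # src_ip -> connections initiated from Trust
    per_dst = Counter()    # dst_ip -> connections terminating in the DMZ
    for sec, src_zone, src, dst_zone, dst in records:
        if src_zone == "Untrust":
            scan_rate[(src, sec)] += 1
        if src_zone == "Trust":
            per_src[src] += 1
        if dst_zone == "DMZ":
            per_dst[dst] += 1
    return {
        # Scanning detection with "Add the source IP to the blacklist".
        "blacklist": sorted({s for (s, _), n in scan_rate.items()
                             if n > SCAN_RATE_UNTRUST}),
        "trust_over_limit": sorted(s for s, n in per_src.items()
                                   if n > SRC_LIMIT_TRUST),
        "dmz_over_limit": sorted(d for d, n in per_dst.items()
                                 if n > DST_LIMIT_DMZ),
    }

def sample():
    """Constructed records (documentation address ranges), not real traffic."""
    recs = [(0, "Untrust", "198.51.100.7", "DMZ", "10.0.2.10")] * 4501
    recs += [(1, "Untrust", "198.51.100.8", "DMZ", "10.0.2.10")] * 4500
    recs += [(2, "Trust", "10.0.1.5", "DMZ", "10.0.2.10")] * 101
    recs += [(2, "Trust", "10.0.1.6", "DMZ", "10.0.2.11")] * 100
    recs += [(3, "Untrust", f"203.0.113.{i % 250 + 1}", "DMZ", "10.0.2.10")
             for i in range(1000)]
    return recs

if __name__ == "__main__":
    print(evaluate(sample()))
```

In the constructed sample, the DMZ server 10.0.2.10 goes over its per-destination limit through the combined load of many sources, most of which stay under the scanning threshold, so the per-destination limit catches what per-source detection does not.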
# Configure SYN flood detection for the DMZ.
From the navigation tree, select Intrusion Detection > Traffic Abnormality > SYN Flood. The SYN flood
detection confirmation page appears.