R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Figure 26 Configuring SYN flood detection for the DMZ
Perform the following operations on the page:
Select zone DMZ.
In the Attack Prevention Policy area, select the Discard packets when the specified attack is detected option.
Click Apply.
In the SYN Flood Configuration area, click Add. The SYN flood attack detection page appears.
Figure 27 Configuring a SYN flood attack detection rule for the server
Perform the following operations on the page:
Select the Protected Host Configuration option.
Specify the IP address as 10.1.1.2.
Set the action threshold to 5000 packets per second.
Set the silent threshold to 1000 packets per second.
Click Apply to complete the configuration.
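The two thresholds in this rule form a hysteresis band. The sketch below is an added example, not code from the firewall or from this guide; it models the rule for 10.1.1.2 on per-second SYN rate samples. It assumes that protection starts when the rate reaches the action threshold and stops only when the rate falls below the silent threshold. The class name, function name, sample data and exact boundary comparisons are assumptions.

```python
from dataclasses import dataclass


@dataclass
class SynFloodRule:
    """Hypothetical model of one protected-host SYN flood rule."""
    host: str
    action_threshold: int   # pps at which protection starts
    silent_threshold: int   # pps below which protection stops
    under_attack: bool = False

    def __post_init__(self):
        # Without a gap between the two values there is no hysteresis band.
        if self.silent_threshold >= self.action_threshold:
            raise ValueError("silent threshold must be below action threshold")

    def observe(self, syn_pps: int) -> str:
        """Feed one per-second SYN rate sample and return the verdict."""
        if not self.under_attack and syn_pps >= self.action_threshold:
            self.under_attack = True      # assumed boundary: reaches or exceeds
        elif self.under_attack and syn_pps < self.silent_threshold:
            self.under_attack = False     # assumed boundary: strictly below
        # "discard" mirrors the Discard packets option chosen for zone DMZ.
        return "discard" if self.under_attack else "forward"


def evaluate(rule: SynFloodRule, samples: list[int]) -> list[str]:
    """Run a sequence of per-second SYN rates through the rule."""
    return [rule.observe(pps) for pps in samples]


# Constructed sample: SYN packets per second destined for 10.1.1.2.
SAMPLES = [800, 4900, 5000, 3000, 1200, 1000, 999, 2000]

if __name__ == "__main__":
    rule = SynFloodRule("10.1.1.2", action_threshold=5000, silent_threshold=1000)
    for pps, verdict in zip(SAMPLES, evaluate(rule, SAMPLES)):
        print(f"{pps:>5} pps -> {verdict}")
```

Rates between 1000 and 5000 packets per second give different verdicts depending on whether protection is already active, which prevents the rule from flapping when traffic hovers near a single limit.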
Verifying the configuration
After a scanning attack packet is received from zone Untrust, Firewall should output alarm logs and
add the IP address of the attacker to the blacklist. You can select Intrusion Detection > Blacklist from
the navigation tree to view whether the attacker's IP address is on the blacklist.