HP 7100/7200 IPsec dl Module : R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101 : Page 3

i

Contents

Configuring blacklist ···················································································································································· 1

Overview ············································································································································································ 1

Recommended configuration procedure························································································································· 1

Enabling the blacklist function ································································································································ 2

Adding a blacklist entry manually ··································································································································· 2

Viewing the blacklist ························································································································································· 3

Blacklist configuration example ······································································································································· 3

Verifying the configuration ······································································································································ 5

Configuring packet inspection ···································································································································· 6

Overview ············································································································································································ 6

Configuration procedure ·················································································································································· 7

Packet inspection configuration example ······················································································································· 8

Network requirements ·············································································································································· 8

Configuration procedure ········································································································································· 8

Verifying the configuration ······································································································································ 9

Configuring traffic abnormality detection ················································································································ 10

Overview ········································································································································································· 10

Flood detection ······················································································································································ 10

Connection limit ····················································································································································· 11

Scanning detection ················································································································································ 11

Configuring ICMP flood detection ································································································································ 11

Configuring UDP flood detection·································································································································· 13

Configuring DNS flood detection ································································································································· 15

Configuring SYN flood detection ································································································································· 16

Configuring connection limit ································································································································ 18

Configuring scanning detection ··························································································································· 19

Traffic abnormality detection configuration example ································································································· 20

Network requirements ··········································································································································· 20

Configuration considerations ······························································································································· 20

Configuration procedure ······································································································································ 21

Verifying the configuration ··································································································································· 23

Configuring URPF ······················································································································································· 25

URPF overview ································································································································································ 25

What is URPF ························································································································································· 25

How URPF works ··················································································································································· 25

Configuration procedure ··············································································································································· 26

URPF configuration example ········································································································································· 27

Configuring TCP proxy ·············································································································································· 30

Overview ········································································································································································· 30

SYN flood attack ··················································································································································· 30

TCP proxy ······························································································································································· 30

How TCP proxy working mechanism ·················································································································· 31

Configuring TCP proxy ·················································································································································· 32

Recommended configuration procedure ············································································································· 32

Performing global TCP proxy setting ··················································································································· 33

Enabling TCP proxy for a security zone ············································································································· 33

Adding a protected IP address entry ··················································································································· 33