R3303-HP 6600/HSR6600 Routers Security Configuration Guide
499
[Router-GigabitEthernet3/0/1] quit
# Enable TCP proxy on GigabitEthernet 3/0/1.
[Router] interface gigabitethernet 3/0/2
[Router-GigabitEthernet3/0/2] tcp-proxy enable
[Router-GigabitEthernet3/0/2] quit
Verifying the configuration
When a SYN flood attack targeting an internal server occurs, execute the display tcp-proxy protected-ip
command to display information about the IP addresses protected by the TCP proxy function.
[Router] display tcp-proxy protected-ip
Protected IP Port number Type Lifetime(min) Rejected packets
192.168.1.10 any Dynamic 30 8
The output shows that an entry has been added for the attacked server.