3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Attack Prevention and Packet Statistics Configuration Example
# Add the sub-interface of the internal network to the trust zone.
[secblade] firewall zone trust
[secblade-zone-trust] add interface GigabitEthernet 0/0.1
[secblade-zone-trust] quit
# Add the sub-interface of the external network to the untrust zone.
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Add sub-interface GigabitEthernet0/0.3 to the DMZ.
[secblade] firewall zone DMZ
[secblade-zone-DMZ] add interface GigabitEthernet 0/0.3
[secblade-zone-DMZ] quit
# Configure the static route.
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Enable the Land attack prevention function.
[secblade] firewall defend land
Enabling the SYN Flood Attack Prevention Function
Network requirements
On the Firewall module, add the GigabitEthernet 0/0.1, GigabitEthernet 0/0.2 and
GigabitEthernet 0/0.3 sub-interfaces to the trust zone, untrust zone and DMZ
respectively. Enable the SYN Flood attack prevention function for the server
in the DMZ.
Network diagram
Refer to Figure 31.
Configuration procedure
Switch 8807 (SecBlade)
# Create the VLANs.
<SW8800> system-view
[SW8800] vlan 10
[3Com-vlan10] quit
[SW8800] vlan 30
[3Com-vlan30] quit
[SW8800] vlan 50
[3Com-vlan50] quit
[SW8800] vlan 60
[3Com-vlan60] quit
# Configure the IP address.
[SW8800] interface vlan-interface 10
[3Com-Vlan-interface10] ip address 10.0.0.254 24
[3Com-Vlan-interface10] quit










