3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

186 CHAPTER 11: LOG MAINTENANCE
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Enable the information center and set the IP address of the log host in the trust
zone to 10.0.0.1.
[secblade] info-center enable
[secblade] info-center loghost 10.0.0.1 language english
# Enable port-scan attack defense so that the source address of the attacker is
# added to the blacklist, set the blacklist aging time to 10 minutes, and enable the
# blacklist function.
[secblade] firewall defend port-scan max-rate 100 blacklist-timeout 10
[secblade] firewall blacklist enable
# Enable IP outbound packet statistics in the trust zone.
[secblade] firewall zone trust
[secblade-zone-trust] statistics enable ip outzone
You can use a tool (such as nmap) on the PC in the untrust zone to perform port
scanning against the server in the trust zone. The firewall then adds the address of
the PC to the blacklist (with the aging time set to 10 minutes) and immediately
outputs blacklist log information. When the port-scan detection interval for attack
prevention elapses, the system outputs log information about the UDP port-scan
attack.
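The following is an added example, not code from the firewall module or from this guide: a small Python model of the defense configured above (max-rate 100, blacklist-timeout 10 minutes, blacklist enabled), showing how the threshold, the blacklist entry, its aging and the emitted log records interact. It assumes that max-rate counts distinct destination ports probed by one source within one second; the source addresses used are constructed.

```python
"""Model of the port-scan defense configured above (added example, not the
firewall's own code).  Assumption: max-rate is the number of distinct
destination ports one source may probe within a one-second window before
it is blacklisted; blacklist-timeout is the aging time in minutes."""

MAX_RATE = 100                 # firewall defend port-scan max-rate 100
BLACKLIST_TIMEOUT = 10 * 60    # blacklist-timeout 10 (minutes) -> seconds


class PortScanDefense:
    def __init__(self, max_rate=MAX_RATE, timeout=BLACKLIST_TIMEOUT):
        self.max_rate = max_rate
        self.timeout = timeout
        self.blacklist = {}    # source address -> expiry time (seconds)
        self.window = {}       # source address -> (second, set of dst ports)
        self.logs = []         # log records that would go to the log host

    def _age(self, now):
        """Remove blacklist entries whose aging time has elapsed."""
        for src, expiry in list(self.blacklist.items()):
            if now >= expiry:
                del self.blacklist[src]
                self.logs.append(f"BLACKLIST aged out: {src}")

    def packet(self, now, src, dst_port):
        """Return 'drop' or 'forward' for one packet seen at time `now`."""
        self._age(now)
        if src in self.blacklist:          # blacklisted sources are dropped
            return "drop"
        sec = int(now)
        last_sec, ports = self.window.get(src, (None, set()))
        if last_sec != sec:                # new one-second window
            ports = set()
        ports.add(dst_port)
        self.window[src] = (sec, ports)
        if len(ports) > self.max_rate:     # threshold exceeded: blacklist + log
            self.blacklist[src] = now + self.timeout
            self.logs.append(f"PORT-SCAN from {src}: {len(ports)} ports in 1s, "
                             f"blacklisted for {self.timeout // 60} min")
            return "drop"
        return "forward"


if __name__ == "__main__":
    d = PortScanDefense()
    for port in range(1, 102):             # constructed scanner at 20.0.0.5
        d.packet(0.0, "20.0.0.5", port)
    print(d.logs)
```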
Outputting Binary-Flow Log to Host
Network requirements
On the Firewall module, add the sub-interfaces GigabitEthernet 0/0.1, GigabitEthernet
0/0.2 and GigabitEthernet 0/0.3 to the trust zone, the untrust zone and the DMZ
respectively.
Network diagram
Refer to Figure 31.
Configuration procedures
Switch 8807 (SecBlade)
# Divide VLANs.
<SW8800> system-view
[SW8800] vlan 10
[3Com-vlan10] quit
[SW8800] vlan 30
[3Com-vlan30] quit
[SW8800] vlan 50
[3Com-vlan50] quit
[SW8800] vlan 60
[3Com-vlan60] quit
# Configure the IP address.
[SW8800] interface vlan-interface 10
[3Com-Vlan-interface10] ip address 10.0.0.254 24
[3Com-Vlan-interface10] quit
[SW8800] interface vlan-interface 30