Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
17
Item
Descri
p
tion
Silent
Threshold
Set the silent threshold for actions that
protect against SYN flood attacks
targeting a host in the protected security
zone.
If the sending rate of SYN packets
destined for a host in the security zone
drops below this threshold, the device
returns to the attack detection state and
stops the protection actions.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
Configuring connection limits
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > Connection Limit.
The connection limit configuration page appears.
Figure 16 Connection limit configuration page
2. Configure the connection limits for the security zone, as described in Table 7.
3. Click Apply.
Table 7 Configuration items
Item Descri
p
tion
Security Zone
Select a security zone to perform connection limit configuration
for it.
Discard packets when the specified attack
is detected
Select this option to discard subsequent packets destined for or
sourced from an IP address when the number of the connections
for that IP address has exceeded the limit.
Enable connection limit per source IP
Select the option to set the maximum number of connections that
can be present for a source IP address.
Threshold
Enable connection limit per dest IP
Select the option to set the maximum number of connections that
can be present for a destination IP address.
Threshold
Configuring scanning detection
Scanning detection is intended to detect scanning behaviors and is typically configured for an external
zone.
To configure scanning detection: