Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
19
Figure 18 Network diagram
Configuration considerations
To meet the requirements, perform the following configurations on the firewall:
Configure scanning detection for the untrusted zone, enable the function to add entries to the
blacklist, and set the scanning threshold to 4500 connections per second.
Configure source IP address-based connection limit for the trusted zone, and set the number of
connections each host can initiate to 100.
Configure destination IP address-based connection limit for the DMZ, and set the number of
connections the server can accommodate to 10000.
Configure SYN flood detection for the DMZ, and set the action threshold for attacks targeting the
internal server (for example, to 5000 packets per second) and the silent threshold (for example, to
1000 packets per second). Set the attack protection action to blocking subsequent packets destined
for the server.
Configuring the firewall
1. Assign IP addresses and security zones to interfaces. (Details not shown.)
2. Enable the blacklist feature:
a. From the navigation tree, select Intrusion Detection > Blacklist.
b. In the Global Configuration area, select Enable Blacklist as shown in Figure 19.
c. Cli
ck Apply.
Figure 19 Enabling the blacklist feature