HP VPN Firewall Appliances Attack Protection Configuration Guide

Contents
Configuring attack detection and protection
Overview
Types of network attacks the device can defend against
Connection limit
Blacklist function
Traffic statistics function
TCP proxy
Intrusion detection statistics
Configuring attack detection and protection in the Web interface
Configuring packet inspection
Packet inspection configuration example
Configuring traffic abnormality detection
Traffic abnormality detection configuration example
Configuring TCP proxy
TCP proxy configuration example
Configuring blacklist
Blacklist configuration example
Displaying intrusion detection statistics
Configuring the attack detection and protection at the CLI
Attack detection and protection configuration task list
Creating an attack protection policy
Enabling attack protection logging
Configuring an attack protection policy
Applying an attack protection policy to a security zone
Configuring TCP proxy
Configuring the blacklist function
Enabling traffic statistics for a security zone
Displaying and maintaining attack detection and protection
Attack protection functions on security zones configuration example
Blacklist configuration example
Traffic statistics configuration example
TCP proxy configuration example
Configuring ARP attack protection
Overview
ARP attack protection configuration task list
Configuring unresolvable IP attack protection
Configuring ARP source suppression
Enabling ARP blackhole routing
Displaying and maintaining ARP source suppression
Unresolvable IP attack protection configuration example
Configuring source MAC-based ARP attack detection
Displaying and maintaining source MAC-based ARP attack detection
Source MAC-based ARP attack detection configuration example
Configuring ARP packet source MAC consistency check
Configuring ARP active acknowledgement
Configuring periodic sending of gratuitous ARP packets
Configuration restrictions and guidelines
Configuring periodic sending of gratuitous ARP packets